Malware Analysis Report

2024-11-30 04:05

Sample ID 240408-a8azgabh34
Target bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63
SHA256 bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63
Tags
upx persistence spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63

Threat Level: Known bad

The file bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63 was found to be: Known bad.

Malicious Activity Summary

upx persistence spyware stealer

UPX dump on OEP (original entry point)

Detects executables containing possible sandbox analysis VM usernames

UPX dump on OEP (original entry point)

Reads user/profile data of web browsers

UPX packed file

Checks computer location settings

Enumerates connected drives

Adds Run key to start application

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Enumerates physical storage devices

Unsigned PE

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-04-08 00:52

Signatures

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-08 00:52

Reported

2024-04-08 00:55

Platform

win7-20231129-en

Max time kernel

150s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\IME\shared\brasilian porn lingerie [free] cock 40+ .mpg.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\System32\LogFiles\Fax\Incoming\swedish horse gay [free] shoes .rar.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\SysWOW64\IME\shared\indian action lingerie lesbian .zip.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\malaysia sperm girls cock leather .avi.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\gay lesbian feet gorgeoushorny .avi.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\System32\DriverStore\Temp\danish gang bang blowjob lesbian .mpeg.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\american action gay public glans .mpg.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\horse public cock blondie .avi.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\japanese horse gay full movie hole granny .mpeg.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\danish cumshot hardcore public (Janette).zip.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Common Files\Microsoft Shared\brasilian nude hardcore public shower .zip.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Program Files\Windows Sidebar\Shared Gadgets\swedish action beast [milf] titts leather .mpg.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\trambling full movie cock black hairunshaved .zip.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Program Files (x86)\Google\Temp\indian cumshot bukkake uncut cock .rar.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\danish porn lesbian lesbian hole stockings .rar.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\japanese beastiality sperm big (Melissa).zip.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Program Files (x86)\Google\Update\Download\tyrkish handjob bukkake [milf] hole .mpeg.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Templates\hardcore hot (!) feet .mpg.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\russian beastiality trambling [free] glans shoes .mpg.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\black kicking fucking masturbation gorgeoushorny .mpg.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\tyrkish porn bukkake big glans ash .zip.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\lingerie [bangbus] glans (Sonja,Janette).mpg.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Program Files\DVD Maker\Shared\xxx voyeur .zip.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Program Files\Windows Journal\Templates\lingerie uncut 40+ .mpeg.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\tyrkish animal lesbian sleeping hairy .zip.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_3b85bcbe4734e96a\sperm full movie ejaculation .mpg.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\winsxs\x86_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_5e4ff1f4cf2dee9b\spanish blowjob lesbian glans high heels .mpg.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\assembly\temp\trambling public .mpg.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_6b16fa9f975e1109\hardcore sleeping (Samantha).mpeg.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_f0ca3430257ea13f\canadian sperm public feet .rar.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\winsxs\amd64_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_16a2bb1dbab1c595\fucking public titts girly .mpg.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_3d98a610fed70b75\blowjob uncut hole balls (Melissa).avi.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\trambling girls feet castration (Liz).avi.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\tyrkish animal xxx full movie .mpg.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-vsssystemprovider_31bf3856ad364e35_6.1.7600.16385_none_a727eb798dcfb185\russian handjob sperm voyeur granny .mpeg.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_095efe9c8261401e\cumshot fucking big mistress .mpg.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_0835101f2d90c7b6\fucking several models (Jade).zip.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_bacc7ceffc55dca2\norwegian fucking hidden titts .mpeg.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5d9f7d70ed4643fd\german trambling lesbian hole granny (Tatjana).mpg.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ac16749b75335680\lingerie masturbation .mpeg.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_99b74194b7347cab\asian lingerie licking (Curtney).zip.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_d81c96999f75bd77\beast [free] swallow .zip.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_0ac4ebfc358e5ec0\canadian fucking sleeping black hairunshaved (Kathrin,Janette).mpg.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_7bfdfb15e7184c41\canadian xxx hot (!) cock (Kathrin,Janette).mpeg.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0993a1b8823a4e79\handjob gay sleeping feet hairy .mpg.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_f3c374fc18118ca2\spanish lesbian several models traffic .rar.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\japanese nude horse licking sm .avi.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_de-de_5803850b2f40840e\asian bukkake hot (!) .rar.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_6f0f7833cb71e18d\tyrkish cum beast uncut .avi.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_9498b282333b64ec\british gay public feet YEâPSè& (Janette).avi.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\danish porn xxx full movie hole wifey (Liz).zip.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\assembly\tmp\hardcore voyeur .avi.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_97a45841ff925aa0\blowjob [bangbus] hole young .avi.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\winsxs\Temp\gay full movie glans latex (Curtney).mpeg.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\japanese gang bang gay lesbian cock .zip.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_a3772de7111797da\norwegian blowjob catfight titts bedroom .mpg.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\mssrv.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_f27c4f066f5c6701\beastiality beast [bangbus] femdom .avi.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_8bc7919d3f36cee7\italian action bukkake catfight cock traffic .zip.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_39c9d74ef2ad6c7b\beastiality beast sleeping pregnant (Sonja,Sylvia).mpg.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\winsxs\x86_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_dd18b2a07d49aa11\brasilian nude fucking [free] (Curtney).mpg.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\winsxs\x86_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_7f84cd98a7a56fd8\chinese horse lesbian glans .zip.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\trambling hot (!) feet pregnant .avi.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_6.1.7600.16385_none_6377027f0030a06a\malaysia lingerie [free] bedroom .zip.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\winsxs\x86_netfx-shared_netfx_20_mscorlib_b03f5f7f11d50a3a_6.1.7600.16385_none_2958d4a31d2ec64f\norwegian gay [bangbus] hole granny .mpg.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\italian fetish fucking uncut bondage .mpg.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_657d9a203abeb154\japanese handjob beast [milf] shower .rar.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\winsxs\x86_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_4d274741486b900c\tyrkish handjob fucking [free] black hairunshaved .zip.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\winsxs\x86_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_664dbffec8693dfe\hardcore several models hole mature .mpg.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_de-de_b4aea777fe683838\fucking voyeur cock lady .mpeg.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_d8216ed3d8746200\japanese action fucking uncut titts upskirt .mpeg.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\winsxs\amd64_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_39374e2435a71b47\bukkake [free] high heels .rar.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\danish action sperm uncut hole boots .avi.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_de-de_e30b5ec05031d17d\african xxx [bangbus] .avi.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_1412267f4b3bb985\blowjob lesbian .rar.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_3c93ac15fd731acf\cum blowjob big cock 50+ (Sarah).mpg.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_4fe2107fd06efdd8\norwegian fucking licking cock .rar.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_3863e9ef3f804dd9\british blowjob girls (Tatjana).mpeg.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_aea650787d30ed8a\tyrkish fetish xxx [milf] granny .rar.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\swedish porn horse full movie stockings .mpg.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_293ea1e3e6bc5364\american cum lingerie sleeping (Curtney).rar.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm_31bf3856ad364e35_6.1.7600.16385_none_5499606faffb3f9f\japanese cumshot xxx girls (Tatjana).mpeg.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\kicking fucking masturbation (Karin).mpeg.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_en-us_00f45b041e1e8fd3\chinese gay masturbation .avi.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_963e6ae24c653bfe\beastiality gay uncut ìï (Gina,Tatjana).rar.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_00225053e03f4c04\xxx girls .mpeg.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_60a2cbbf935c42b4\norwegian trambling catfight .rar.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ad7c61fb28607522\malaysia lesbian [free] cock .mpeg.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_60c2504d62fd4f0e\cumshot bukkake lesbian (Sylvia).zip.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1972 wrote to memory of 2612 N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe
PID 1972 wrote to memory of 2612 N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe
PID 1972 wrote to memory of 2612 N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe
PID 1972 wrote to memory of 2612 N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe
PID 2612 wrote to memory of 2508 N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe
PID 2612 wrote to memory of 2508 N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe
PID 2612 wrote to memory of 2508 N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe
PID 2612 wrote to memory of 2508 N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe

Processes

C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe

"C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe"

C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe

"C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe"

C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe

"C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 240.1.68.151.in-addr.arpa udp
US 8.8.8.8:53 167.43.7.115.in-addr.arpa udp
US 8.8.8.8:53 218.193.99.189.in-addr.arpa udp
US 8.8.8.8:53 115.126.106.62.in-addr.arpa udp
US 8.8.8.8:53 126.178.18.65.in-addr.arpa udp
US 8.8.8.8:53 60.51.234.219.in-addr.arpa udp
US 8.8.8.8:53 65.51.71.109.in-addr.arpa udp
US 8.8.8.8:53 45.168.2.114.in-addr.arpa udp
US 8.8.8.8:53 15.171.142.99.in-addr.arpa udp
US 8.8.8.8:53 183.249.94.254.in-addr.arpa udp
US 8.8.8.8:53 13.101.223.43.in-addr.arpa udp
US 8.8.8.8:53 75.53.243.72.in-addr.arpa udp
US 8.8.8.8:53 221.86.158.234.in-addr.arpa udp
US 8.8.8.8:53 121.205.6.78.in-addr.arpa udp
US 8.8.8.8:53 130.71.113.125.in-addr.arpa udp
US 8.8.8.8:53 36.192.165.199.in-addr.arpa udp
US 8.8.8.8:53 136.107.30.209.in-addr.arpa udp
US 8.8.8.8:53 197.70.197.37.in-addr.arpa udp
US 8.8.8.8:53 29.182.208.193.in-addr.arpa udp
US 8.8.8.8:53 221.142.96.13.in-addr.arpa udp
US 8.8.8.8:53 32.236.102.24.in-addr.arpa udp
US 8.8.8.8:53 167.206.39.150.in-addr.arpa udp
US 8.8.8.8:53 241.69.138.24.in-addr.arpa udp
US 8.8.8.8:53 4.180.55.193.in-addr.arpa udp
US 8.8.8.8:53 66.250.203.153.in-addr.arpa udp
US 8.8.8.8:53 137.39.63.180.in-addr.arpa udp
US 8.8.8.8:53 126.84.229.147.in-addr.arpa udp

Files

memory/1972-0-0x0000000000400000-0x000000000041D000-memory.dmp

C:\Program Files\Windows Sidebar\Shared Gadgets\swedish action beast [milf] titts leather .mpg.exe

MD5 2ca8f5ce48c2c1fda148afa3a7ffaf62
SHA1 d5abdedfb9b48f39344a9a9058e4dc9166f9a08b
SHA256 0ff8d83658770c85cb28925c04bbecc2a3f4b5bb2d9b8e3b530cf7cf297570dd
SHA512 6cc79dd9859478d71e546212cde99dbdea83c5e625f1d4d72763ad3490d68f7f361790a13745a821790b0032d0efbbc53ea63984469f793fcbd6fe487f6e3dc9

memory/1972-65-0x0000000004930000-0x000000000494D000-memory.dmp

memory/2612-66-0x0000000000400000-0x000000000041D000-memory.dmp

memory/2612-89-0x0000000004AB0000-0x0000000004ACD000-memory.dmp

memory/2508-90-0x0000000000400000-0x000000000041D000-memory.dmp

memory/1972-94-0x0000000000400000-0x000000000041D000-memory.dmp

memory/2612-103-0x0000000000400000-0x000000000041D000-memory.dmp

memory/2508-104-0x0000000000400000-0x000000000041D000-memory.dmp

memory/1972-105-0x0000000000400000-0x000000000041D000-memory.dmp

memory/1972-108-0x0000000004930000-0x000000000494D000-memory.dmp

memory/2612-109-0x0000000004AB0000-0x0000000004ACD000-memory.dmp

memory/1972-110-0x0000000000400000-0x000000000041D000-memory.dmp

memory/1972-113-0x0000000000400000-0x000000000041D000-memory.dmp

memory/1972-116-0x0000000000400000-0x000000000041D000-memory.dmp

memory/1972-121-0x0000000000400000-0x000000000041D000-memory.dmp

memory/1972-124-0x0000000000400000-0x000000000041D000-memory.dmp

memory/1972-127-0x0000000000400000-0x000000000041D000-memory.dmp

memory/1972-130-0x0000000000400000-0x000000000041D000-memory.dmp

memory/1972-133-0x0000000000400000-0x000000000041D000-memory.dmp

memory/1972-136-0x0000000000400000-0x000000000041D000-memory.dmp

memory/1972-139-0x0000000000400000-0x000000000041D000-memory.dmp

memory/1972-142-0x0000000000400000-0x000000000041D000-memory.dmp

memory/1972-145-0x0000000000400000-0x000000000041D000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-08 00:52

Reported

2024-04-08 00:55

Platform

win10v2004-20240226-en

Max time kernel

150s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\FxsTmp\handjob hardcore hidden cock traffic (Sylvia).mpeg.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\System32\LogFiles\Fax\Incoming\sperm licking feet penetration (Melissa).rar.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\horse full movie feet 40+ .mpeg.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\russian cum horse catfight balls .mpg.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\italian animal gay sleeping traffic (Anniston,Curtney).mpg.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\SysWOW64\IME\SHARED\tyrkish porn gay hot (!) traffic .mpeg.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\black fetish trambling lesbian cock YEâPSè& .avi.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\horse hardcore lesbian cock granny .zip.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\trambling [bangbus] ejaculation .mpeg.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\SysWOW64\IME\SHARED\japanese nude gay sleeping fishy .rar.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\swedish beastiality lesbian [bangbus] latex .rar.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\System32\DriverStore\Temp\hardcore hot (!) hole (Anniston,Janette).zip.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Common Files\microsoft shared\russian fetish bukkake full movie mature .avi.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\russian cumshot lesbian [bangbus] glans boots .mpeg.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\american nude hardcore hot (!) feet bondage .zip.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\trambling public glans (Kathrin,Sarah).rar.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\japanese handjob gay [bangbus] titts (Sonja,Curtney).avi.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\xxx [milf] mature .avi.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\EU8B19.tmp\swedish animal gay [milf] .mpeg.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\black kicking beast public titts .avi.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\swedish kicking lesbian catfight traffic .rar.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\danish kicking lesbian sleeping titts bedroom (Liz).avi.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\asian gay big latex .rar.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Program Files (x86)\Google\Update\Download\american porn bukkake public (Karin).zip.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Program Files\dotnet\shared\american action lesbian big sweet .zip.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\danish handjob horse several models feet swallow .mpeg.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Program Files (x86)\Google\Temp\russian beastiality lingerie hidden .rar.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Program Files\Windows Sidebar\Shared Gadgets\tyrkish animal trambling several models .rar.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Program Files\Microsoft Office\root\Templates\lingerie sleeping (Sylvia).avi.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\trambling voyeur (Janette).rar.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Program Files\Microsoft Office\Updates\Download\italian cum horse masturbation hole .mpeg.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.844_none_6242879b1c08046f\british beast girls wifey .avi.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.84_none_81616275259e37fe\german lesbian big young (Gina,Liz).avi.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_en-us_ca03036af4a5017e\animal xxx uncut upskirt .mpg.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1_none_2426cc56d654beaa\canadian beast public cock (Sonja,Jade).mpeg.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d38ece58f77171b4\gay full movie feet (Gina,Curtney).avi.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\blowjob masturbation glans high heels .avi.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\InputMethod\SHARED\blowjob [milf] penetration .avi.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\assembly\tmp\swedish gang bang bukkake big cock .zip.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.1266_none_7916f7558927ae23\malaysia gay masturbation cock redhair .mpeg.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-t..ervices-tsfairshare_31bf3856ad364e35_10.0.19041.746_none_0b33a1c93a22de1c\chinese beast public titts ash .mpeg.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.1_none_a4f93129c473df49\swedish beastiality blowjob licking titts (Ashley,Janette).rar.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.1_none_b6514808f7d87b1a\xxx hot (!) ejaculation .mpg.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.867_none_c29826784f9429f8\gay big glans sm .mpeg.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.746_none_de598551b74a3964\american action fucking [bangbus] cock .avi.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..se-shared-datafiles_31bf3856ad364e35_10.0.19041.1_none_2f5f00d280dce9f6\brasilian porn lesbian voyeur .rar.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\WinSxS\amd64_netfx-aspnet-nonwow64-shared_b03f5f7f11d50a3a_4.0.19041.1_none_d66d07dacac85e2d\gang bang lesbian full movie (Sarah).zip.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\WinSxS\amd64_netfx-shared_registry_whidbey_31bf3856ad364e35_10.0.19041.1_none_1c68775f06732f08\italian fetish sperm lesbian pregnant .zip.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\WinSxS\amd64_netfx4-_dataperfcou.._shared12_neutral_h_b03f5f7f11d50a3a_4.0.15805.0_none_24ed4511dcc3019e\american horse blowjob lesbian (Karin).rar.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.1_none_3a3c49005c947bac\fetish lingerie licking .mpeg.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.1_none_833abdc06c68d338\danish cumshot xxx [milf] sm .avi.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.19041.1_none_f07d4fae3e8e883f\nude gay [free] (Melissa).mpg.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_es-es_bf79b5fcc06b3128\canadian fucking sleeping hotel (Sonja,Tatjana).mpeg.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_10.0.19041.1_none_a3d9a07cf2290837\italian action blowjob lesbian hole 50+ .mpg.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..ty-kerbclientshared_31bf3856ad364e35_10.0.19041.1288_none_56c05939711f0938\american action hardcore several models feet sweet .avi.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_it-it_bdb6c49fcea35732\fetish sperm hidden granny (Kathrin,Karin).mpg.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_en-us_bfae5918c0443f83\handjob trambling big glans traffic (Sarah).mpg.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1202_none_d8a1416ab7cccdcf\animal gay licking mature .zip.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.1_none_67a96afcfa248327\asian sperm masturbation feet 50+ (Samantha).rar.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..ces-ime-eashared-lm_31bf3856ad364e35_10.0.19041.1_none_4756d423b091d10b\horse lesbian .mpeg.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.1_none_fe0807c37141be7a\beastiality xxx full movie cock upskirt .mpg.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\horse catfight glans beautyfull .avi.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_10.0.19041.1_es-es_64c107d8bb3ade94\swedish nude trambling [milf] titts boots (Karin).mpg.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_10.0.19041.1_none_6e0e425bd0e83959\beastiality lesbian [free] titts swallow (Janette).zip.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.264_none_d58d4747b1d5988c\swedish action gay catfight (Melissa).zip.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_10.0.19041.1_none_de1581e9a275faf8\porn blowjob hidden hole sm (Melissa).mpg.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\WinSxS\msil_microsoft.powershel..filedownloadmanager_31bf3856ad364e35_10.0.19041.1_none_cb69bad627df9263\italian handjob blowjob several models cock (Christine,Samantha).rar.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.546_none_cd016aa683e5a345\chinese sperm full movie .zip.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.906_none_f962ab5f47e1e896\american cumshot lesbian lesbian 50+ .zip.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.1_none_9aa486d790131d4e\canadian bukkake lesbian sm .rar.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\ServiceProfiles\NetworkService\Downloads\fucking masturbation glans YEâPSè& (Samantha).mpg.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_e79b400a6df5fd2c\horse hot (!) titts bondage .zip.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..templates.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_3058d81cfd5218f2\lesbian [free] shower (Sonja,Sylvia).zip.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\sperm masturbation (Sarah).mpeg.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.789_en-us_58ebf9ecc407e3c0\canadian blowjob licking titts redhair .mpg.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.746_none_ab42fb092bda9182\italian cum hardcore [bangbus] (Jade).mpeg.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.1_none_f42978969c79336a\canadian blowjob voyeur balls .rar.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.1_none_c6da8048542fddc7\british sperm sleeping glans blondie .zip.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-t..boration-sharer-api_31bf3856ad364e35_10.0.19041.84_none_c494b3b28da10665\kicking bukkake lesbian (Melissa).zip.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\SystemResources\Windows.UI.ShellCommon\SharePickerUI\indian handjob lingerie masturbation .mpg.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..ces-ime-eashared-lm_31bf3856ad364e35_10.0.19041.1_none_3d0229d17c310f10\indian nude blowjob girls cock sm .rar.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_10.0.19041.1_it-it_f1a0741e853eda74\brasilian nude fucking full movie (Jade).rar.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_es-es_30d7585a049f5b52\swedish action gay hot (!) hole .rar.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_es-es_c9ce604ef4cbf323\russian action fucking hidden titts (Kathrin,Curtney).zip.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\WinSxS\x86_netfx4-uninstallsqlstatetemplate_sql_b03f5f7f11d50a3a_4.0.15805.0_none_231ddfc33015c6db\tyrkish cumshot lingerie several models cock .rar.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\action fucking big hole beautyfull .rar.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\SoftwareDistribution\Download\asian lingerie big glans traffic .rar.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_10.0.19041.1_none_4c786ae2f508e6d5\german hardcore hot (!) blondie .rar.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_it-it_4c5922428a6f2d08\horse horse hot (!) glans .mpg.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\indian animal lesbian voyeur hole (Anniston,Liz).mpg.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\WinSxS\x86_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_10.0.19041.1_none_4ab14109a3e1e067\porn lesbian catfight glans pregnant .mpg.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedpc-sharedpccsp_31bf3856ad364e35_10.0.19041.746_none_4cfe603abbcbfd86\german lesbian lesbian feet .mpeg.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_it-it_72a319bf8ee74a9b\norwegian horse [milf] .avi.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-m..ineshared.resources_31bf3856ad364e35_10.0.19041.1_en-us_a4327320c19e2fa7\asian gay voyeur feet .mpeg.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.867_en-us_49453482f1fb5356\german trambling several models hole hairy .mpg.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3588 wrote to memory of 2964 N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe
PID 3588 wrote to memory of 2964 N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe
PID 3588 wrote to memory of 2964 N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe
PID 3588 wrote to memory of 5056 N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe
PID 3588 wrote to memory of 5056 N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe
PID 3588 wrote to memory of 5056 N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe
PID 2964 wrote to memory of 3732 N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe
PID 2964 wrote to memory of 3732 N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe
PID 2964 wrote to memory of 3732 N/A C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe

Processes

C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe

"C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe"

C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe

"C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe"

C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe

"C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe"

C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe

"C:\Users\Admin\AppData\Local\Temp\bb7782e582fef23424ba4dab70c6083131a2865974eb466b661e57c4ce7a0b63.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 0.204.248.87.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 0.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 20.231.121.79:80 tcp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 243.220.149.183.in-addr.arpa udp
US 8.8.8.8:53 74.180.151.184.in-addr.arpa udp
US 8.8.8.8:53 72.100.247.227.in-addr.arpa udp
US 8.8.8.8:53 208.156.224.127.in-addr.arpa udp
US 8.8.8.8:53 106.208.170.80.in-addr.arpa udp
US 8.8.8.8:53 203.155.68.21.in-addr.arpa udp
US 8.8.8.8:53 228.75.29.82.in-addr.arpa udp
US 8.8.8.8:53 197.171.222.46.in-addr.arpa udp
US 8.8.8.8:53 203.73.255.38.in-addr.arpa udp
US 8.8.8.8:53 49.207.157.75.in-addr.arpa udp
US 8.8.8.8:53 42.162.234.42.in-addr.arpa udp
US 8.8.8.8:53 69.82.172.243.in-addr.arpa udp
US 8.8.8.8:53 62.213.66.19.in-addr.arpa udp
US 8.8.8.8:53 133.162.63.66.in-addr.arpa udp
US 8.8.8.8:53 56.60.193.134.in-addr.arpa udp
US 8.8.8.8:53 122.28.230.169.in-addr.arpa udp
US 8.8.8.8:53 116.163.118.101.in-addr.arpa udp
US 8.8.8.8:53 71.181.126.242.in-addr.arpa udp
US 8.8.8.8:53 180.188.146.52.in-addr.arpa udp
US 8.8.8.8:53 159.191.186.220.in-addr.arpa udp
US 8.8.8.8:53 193.121.150.175.in-addr.arpa udp
US 8.8.8.8:53 139.182.238.92.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 216.97.56.99.in-addr.arpa udp
US 8.8.8.8:53 205.204.206.50.in-addr.arpa udp
US 8.8.8.8:53 150.97.66.86.in-addr.arpa udp
US 8.8.8.8:53 245.35.159.151.in-addr.arpa udp
US 8.8.8.8:53 254.200.244.198.in-addr.arpa udp
US 8.8.8.8:53 189.103.12.219.in-addr.arpa udp
US 8.8.8.8:53 193.135.37.45.in-addr.arpa udp
US 8.8.8.8:53 178.19.247.64.in-addr.arpa udp
US 8.8.8.8:53 74.165.151.181.in-addr.arpa udp
US 8.8.8.8:53 225.108.181.131.in-addr.arpa udp
US 8.8.8.8:53 100.176.117.109.in-addr.arpa udp
US 8.8.8.8:53 75.208.177.199.in-addr.arpa udp
US 8.8.8.8:53 193.198.117.211.in-addr.arpa udp
US 8.8.8.8:53 171.223.37.33.in-addr.arpa udp
US 8.8.8.8:53 17.136.14.236.in-addr.arpa udp
US 8.8.8.8:53 16.25.197.180.in-addr.arpa udp
US 8.8.8.8:53 207.10.146.238.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 96.114.150.237.in-addr.arpa udp
US 8.8.8.8:53 113.230.131.83.in-addr.arpa udp
US 8.8.8.8:53 117.222.195.148.in-addr.arpa udp
US 8.8.8.8:53 25.66.129.196.in-addr.arpa udp
US 8.8.8.8:53 56.22.53.125.in-addr.arpa udp
US 8.8.8.8:53 89.227.103.235.in-addr.arpa udp
US 8.8.8.8:53 160.103.138.204.in-addr.arpa udp
US 8.8.8.8:53 144.4.116.85.in-addr.arpa udp
US 8.8.8.8:53 237.14.157.114.in-addr.arpa udp
US 8.8.8.8:53 21.171.19.106.in-addr.arpa udp
US 8.8.8.8:53 174.247.238.127.in-addr.arpa udp
US 8.8.8.8:53 232.140.89.76.in-addr.arpa udp
US 8.8.8.8:53 51.103.8.237.in-addr.arpa udp
US 8.8.8.8:53 48.50.76.135.in-addr.arpa udp
US 8.8.8.8:53 188.91.119.108.in-addr.arpa udp
US 8.8.8.8:53 80.194.58.33.in-addr.arpa udp
US 8.8.8.8:53 75.42.77.30.in-addr.arpa udp
US 8.8.8.8:53 225.153.51.123.in-addr.arpa udp
US 8.8.8.8:53 193.203.61.1.in-addr.arpa udp
US 8.8.8.8:53 45.247.253.180.in-addr.arpa udp
US 8.8.8.8:53 186.145.185.103.in-addr.arpa udp
US 8.8.8.8:53 193.88.6.31.in-addr.arpa udp
US 8.8.8.8:53 30.43.112.65.in-addr.arpa udp
US 8.8.8.8:53 174.143.104.116.in-addr.arpa udp
US 8.8.8.8:53 213.95.144.97.in-addr.arpa udp
US 8.8.8.8:53 218.35.12.136.in-addr.arpa udp
US 8.8.8.8:53 255.97.188.89.in-addr.arpa udp
US 8.8.8.8:53 89.122.53.204.in-addr.arpa udp
US 8.8.8.8:53 48.56.30.252.in-addr.arpa udp
US 8.8.8.8:53 88.37.218.111.in-addr.arpa udp
US 8.8.8.8:53 126.70.47.56.in-addr.arpa udp
US 8.8.8.8:53 225.202.26.186.in-addr.arpa udp

Files

memory/3588-0-0x0000000000400000-0x000000000041D000-memory.dmp

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\danish handjob horse several models feet swallow .mpeg.exe

MD5 717056f6a1933a057b98bd573aac78d1
SHA1 c28e3530d811c5dfb42fb339d4130e50d6ed7ba5
SHA256 ec141cf9f1aa9b764ca4bb4092f8edc7d5fd401f42c611fb3f35fe08205c8e08
SHA512 5b6d9732a169962a3e741bec7e17972db342d0ee367327f8ae7487c217cf4e497a1243247c347d37cf4c3d71b272b753b763c1bad2241d536251a460e525d43d

memory/2964-110-0x0000000000400000-0x000000000041D000-memory.dmp

memory/3732-165-0x0000000000400000-0x000000000041D000-memory.dmp

memory/3588-183-0x0000000000400000-0x000000000041D000-memory.dmp

memory/2964-184-0x0000000000400000-0x000000000041D000-memory.dmp

memory/5056-185-0x0000000000400000-0x000000000041D000-memory.dmp

memory/3732-186-0x0000000000400000-0x000000000041D000-memory.dmp

memory/3588-188-0x0000000000400000-0x000000000041D000-memory.dmp

memory/3588-190-0x0000000000400000-0x000000000041D000-memory.dmp

memory/3588-195-0x0000000000400000-0x000000000041D000-memory.dmp

memory/3588-205-0x0000000000400000-0x000000000041D000-memory.dmp

memory/3588-209-0x0000000000400000-0x000000000041D000-memory.dmp

memory/3588-214-0x0000000000400000-0x000000000041D000-memory.dmp

memory/3588-218-0x0000000000400000-0x000000000041D000-memory.dmp

memory/3588-222-0x0000000000400000-0x000000000041D000-memory.dmp

memory/3588-226-0x0000000000400000-0x000000000041D000-memory.dmp

memory/3588-230-0x0000000000400000-0x000000000041D000-memory.dmp

memory/3588-234-0x0000000000400000-0x000000000041D000-memory.dmp

memory/3588-238-0x0000000000400000-0x000000000041D000-memory.dmp

memory/3588-242-0x0000000000400000-0x000000000041D000-memory.dmp

memory/3588-246-0x0000000000400000-0x000000000041D000-memory.dmp