Malware Analysis Report

2024-11-30 04:06

Sample ID 240408-a9ghmsbh65
Target bc63d3a01fec4bd21705747e9e0c6d0b77fbc2ce56d0c93bf2a1b42bd30f125c
SHA256 bc63d3a01fec4bd21705747e9e0c6d0b77fbc2ce56d0c93bf2a1b42bd30f125c
Tags
upx persistence spyware stealer
score
10/10

Analysis Overview

score
10/10

SHA256

bc63d3a01fec4bd21705747e9e0c6d0b77fbc2ce56d0c93bf2a1b42bd30f125c

Threat Level: Known bad

The file bc63d3a01fec4bd21705747e9e0c6d0b77fbc2ce56d0c93bf2a1b42bd30f125c was found to be: Known bad.

Malicious Activity Summary

upx persistence spyware stealer

UPX dump on OEP (original entry point)

Detects executables containing possible sandbox analysis VM usernames

Reads user/profile data of web browsers

Checks computer location settings

UPX packed file

Enumerates connected drives

Adds Run key to start application

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Unsigned PE

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Analysis: static1

Detonation Overview

Reported

2024-04-08 00:54

Signatures

UPX dump on OEP (original entry point)

UPX packed file

upx

Unsigned PE

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-08 00:54

Reported

2024-04-08 00:57

Platform

win7-20240220-en

Max time kernel

150s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\bc63d3a01fec4bd21705747e9e0c6d0b77fbc2ce56d0c93bf2a1b42bd30f125c.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

UPX dump on OEP (original entry point)

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx

Adds Run key to start application

persistence
Description: Set value (str)
Indicator: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"
Process: C:\Users\Admin\AppData\Local\Temp\bc63d3a01fec4bd21705747e9e0c6d0b77fbc2ce56d0c93bf2a1b42bd30f125c.exe
Target: N/A

Enumerates connected drives

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\bc63d3a01fec4bd21705747e9e0c6d0b77fbc2ce56d0c93bf2a1b42bd30f125c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bc63d3a01fec4bd21705747e9e0c6d0b77fbc2ce56d0c93bf2a1b42bd30f125c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bc63d3a01fec4bd21705747e9e0c6d0b77fbc2ce56d0c93bf2a1b42bd30f125c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bc63d3a01fec4bd21705747e9e0c6d0b77fbc2ce56d0c93bf2a1b42bd30f125c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bc63d3a01fec4bd21705747e9e0c6d0b77fbc2ce56d0c93bf2a1b42bd30f125c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bc63d3a01fec4bd21705747e9e0c6d0b77fbc2ce56d0c93bf2a1b42bd30f125c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bc63d3a01fec4bd21705747e9e0c6d0b77fbc2ce56d0c93bf2a1b42bd30f125c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bc63d3a01fec4bd21705747e9e0c6d0b77fbc2ce56d0c93bf2a1b42bd30f125c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bc63d3a01fec4bd21705747e9e0c6d0b77fbc2ce56d0c93bf2a1b42bd30f125c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bc63d3a01fec4bd21705747e9e0c6d0b77fbc2ce56d0c93bf2a1b42bd30f125c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bc63d3a01fec4bd21705747e9e0c6d0b77fbc2ce56d0c93bf2a1b42bd30f125c.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2064 wrote to memory of 2800 N/A C:\Users\Admin\AppData\Local\Temp\bc63d3a01fec4bd21705747e9e0c6d0b77fbc2ce56d0c93bf2a1b42bd30f125c.exe C:\Users\Admin\AppData\Local\Temp\bc63d3a01fec4bd21705747e9e0c6d0b77fbc2ce56d0c93bf2a1b42bd30f125c.exe
PID 2800 wrote to memory of 2704 N/A C:\Users\Admin\AppData\Local\Temp\bc63d3a01fec4bd21705747e9e0c6d0b77fbc2ce56d0c93bf2a1b42bd30f125c.exe C:\Users\Admin\AppData\Local\Temp\bc63d3a01fec4bd21705747e9e0c6d0b77fbc2ce56d0c93bf2a1b42bd30f125c.exe

Processes

C:\Users\Admin\AppData\Local\Temp\bc63d3a01fec4bd21705747e9e0c6d0b77fbc2ce56d0c93bf2a1b42bd30f125c.exe

"C:\Users\Admin\AppData\Local\Temp\bc63d3a01fec4bd21705747e9e0c6d0b77fbc2ce56d0c93bf2a1b42bd30f125c.exe"

C:\Users\Admin\AppData\Local\Temp\bc63d3a01fec4bd21705747e9e0c6d0b77fbc2ce56d0c93bf2a1b42bd30f125c.exe

"C:\Users\Admin\AppData\Local\Temp\bc63d3a01fec4bd21705747e9e0c6d0b77fbc2ce56d0c93bf2a1b42bd30f125c.exe"

C:\Users\Admin\AppData\Local\Temp\bc63d3a01fec4bd21705747e9e0c6d0b77fbc2ce56d0c93bf2a1b42bd30f125c.exe

"C:\Users\Admin\AppData\Local\Temp\bc63d3a01fec4bd21705747e9e0c6d0b77fbc2ce56d0c93bf2a1b42bd30f125c.exe"

Network

Country Destination Domain Proto

Files

memory/2064-0-0x0000000000400000-0x0000000000456000-memory.dmp

C:\Program Files\Windows Sidebar\Shared Gadgets\blowjob uncut (Sylvia).zip.exe

MD5 51dd4a2c25837669d35ad1d175b7ef82
SHA1 2ae909299b22f5ed795bb1065be9641b3650a786
SHA256 aa03f7b87aeaab7d23f5ef8a29948aa3dff61887c7c2749a24252e23a2897680
SHA512 178415182fc144ccf6411495aae352fb71f74ff581d4aa885bd0ae64b632441a38331d0577d65aefc75d9aa7f7e8cbbd4a4b99acce8d3bb3b648051fceb8b868

memory/2064-58-0x0000000006420000-0x0000000006476000-memory.dmp

memory/2800-59-0x0000000000400000-0x0000000000456000-memory.dmp

memory/2800-88-0x0000000004E60000-0x0000000004EB6000-memory.dmp

memory/2704-89-0x0000000000400000-0x0000000000456000-memory.dmp

memory/2064-106-0x0000000000400000-0x0000000000456000-memory.dmp

memory/2064-108-0x0000000006420000-0x0000000006476000-memory.dmp

memory/2800-109-0x0000000000400000-0x0000000000456000-memory.dmp

memory/2800-110-0x0000000004E60000-0x0000000004EB6000-memory.dmp

memory/2704-111-0x0000000000400000-0x0000000000456000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-08 00:54

Reported

2024-04-08 00:57

Platform

win10v2004-20231215-en

Max time kernel

150s

Max time network

148s

Command Line

"C:\Users\Admin\AppData\Local\Temp\bc63d3a01fec4bd21705747e9e0c6d0b77fbc2ce56d0c93bf2a1b42bd30f125c.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

Description Indicator Process Target
N/A N/A N/A N/A

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\bc63d3a01fec4bd21705747e9e0c6d0b77fbc2ce56d0c93bf2a1b42bd30f125c.exe N/A

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\bc63d3a01fec4bd21705747e9e0c6d0b77fbc2ce56d0c93bf2a1b42bd30f125c.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\bc63d3a01fec4bd21705747e9e0c6d0b77fbc2ce56d0c93bf2a1b42bd30f125c.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\bc63d3a01fec4bd21705747e9e0c6d0b77fbc2ce56d0c93bf2a1b42bd30f125c.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\bc63d3a01fec4bd21705747e9e0c6d0b77fbc2ce56d0c93bf2a1b42bd30f125c.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\bc63d3a01fec4bd21705747e9e0c6d0b77fbc2ce56d0c93bf2a1b42bd30f125c.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\bc63d3a01fec4bd21705747e9e0c6d0b77fbc2ce56d0c93bf2a1b42bd30f125c.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\bc63d3a01fec4bd21705747e9e0c6d0b77fbc2ce56d0c93bf2a1b42bd30f125c.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\bc63d3a01fec4bd21705747e9e0c6d0b77fbc2ce56d0c93bf2a1b42bd30f125c.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\bc63d3a01fec4bd21705747e9e0c6d0b77fbc2ce56d0c93bf2a1b42bd30f125c.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\bc63d3a01fec4bd21705747e9e0c6d0b77fbc2ce56d0c93bf2a1b42bd30f125c.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\bc63d3a01fec4bd21705747e9e0c6d0b77fbc2ce56d0c93bf2a1b42bd30f125c.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\bc63d3a01fec4bd21705747e9e0c6d0b77fbc2ce56d0c93bf2a1b42bd30f125c.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\bc63d3a01fec4bd21705747e9e0c6d0b77fbc2ce56d0c93bf2a1b42bd30f125c.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\bc63d3a01fec4bd21705747e9e0c6d0b77fbc2ce56d0c93bf2a1b42bd30f125c.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\bc63d3a01fec4bd21705747e9e0c6d0b77fbc2ce56d0c93bf2a1b42bd30f125c.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\bc63d3a01fec4bd21705747e9e0c6d0b77fbc2ce56d0c93bf2a1b42bd30f125c.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\bc63d3a01fec4bd21705747e9e0c6d0b77fbc2ce56d0c93bf2a1b42bd30f125c.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\bc63d3a01fec4bd21705747e9e0c6d0b77fbc2ce56d0c93bf2a1b42bd30f125c.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\bc63d3a01fec4bd21705747e9e0c6d0b77fbc2ce56d0c93bf2a1b42bd30f125c.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\bc63d3a01fec4bd21705747e9e0c6d0b77fbc2ce56d0c93bf2a1b42bd30f125c.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\bc63d3a01fec4bd21705747e9e0c6d0b77fbc2ce56d0c93bf2a1b42bd30f125c.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\bc63d3a01fec4bd21705747e9e0c6d0b77fbc2ce56d0c93bf2a1b42bd30f125c.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\bc63d3a01fec4bd21705747e9e0c6d0b77fbc2ce56d0c93bf2a1b42bd30f125c.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\bc63d3a01fec4bd21705747e9e0c6d0b77fbc2ce56d0c93bf2a1b42bd30f125c.exe N/A

Drops file in System32 directory

Description Indicator Process Target

Drops file in Program Files directory

Description Indicator Process Target

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\WinSxS\wow64_microsoft-windows-s..ty-kerbclientshared_31bf3856ad364e35_10.0.19041.1_none_a23e6a858fad9595\french beastiality sleeping titts .mpeg.exe C:\Users\Admin\AppData\Local\Temp\bc63d3a01fec4bd21705747e9e0c6d0b77fbc2ce56d0c93bf2a1b42bd30f125c.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.1_none_833abdc06c68d338\chinese cumshot several models latex .zip.exe C:\Users\Admin\AppData\Local\Temp\bc63d3a01fec4bd21705747e9e0c6d0b77fbc2ce56d0c93bf2a1b42bd30f125c.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.1_none_5d54c0aac5c3c12c\american horse beastiality [bangbus] ejaculation .mpeg.exe C:\Users\Admin\AppData\Local\Temp\bc63d3a01fec4bd21705747e9e0c6d0b77fbc2ce56d0c93bf2a1b42bd30f125c.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.746_none_1bbb9ab9fc52bac9\canadian hardcore lesbian titts shoes .rar.exe C:\Users\Admin\AppData\Local\Temp\bc63d3a01fec4bd21705747e9e0c6d0b77fbc2ce56d0c93bf2a1b42bd30f125c.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.1_none_9aa486d790131d4e\tyrkish handjob [free] .rar.exe C:\Users\Admin\AppData\Local\Temp\bc63d3a01fec4bd21705747e9e0c6d0b77fbc2ce56d0c93bf2a1b42bd30f125c.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-u..tyvm-sysprep-shared_31bf3856ad364e35_10.0.19041.1_none_3ba048793ab5eb3f\japanese blowjob cum [free] traffic .mpeg.exe C:\Users\Admin\AppData\Local\Temp\bc63d3a01fec4bd21705747e9e0c6d0b77fbc2ce56d0c93bf2a1b42bd30f125c.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.746_none_2610450c30b37cc4\blowjob beast masturbation beautyfull .avi.exe C:\Users\Admin\AppData\Local\Temp\bc63d3a01fec4bd21705747e9e0c6d0b77fbc2ce56d0c93bf2a1b42bd30f125c.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-t..boration-sharer-api_31bf3856ad364e35_10.0.19041.746_none_b53f8b98f2b3a373\swedish beastiality sleeping 50+ .avi.exe C:\Users\Admin\AppData\Local\Temp\bc63d3a01fec4bd21705747e9e0c6d0b77fbc2ce56d0c93bf2a1b42bd30f125c.exe N/A
File created C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\french animal licking .rar.exe C:\Users\Admin\AppData\Local\Temp\bc63d3a01fec4bd21705747e9e0c6d0b77fbc2ce56d0c93bf2a1b42bd30f125c.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_10.0.19041.1_none_4c786ae2f508e6d5\brasilian fetish several models .zip.exe C:\Users\Admin\AppData\Local\Temp\bc63d3a01fec4bd21705747e9e0c6d0b77fbc2ce56d0c93bf2a1b42bd30f125c.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.867_none_c29826784f9429f8\chinese cum fucking [bangbus] redhair .mpg.exe C:\Users\Admin\AppData\Local\Temp\bc63d3a01fec4bd21705747e9e0c6d0b77fbc2ce56d0c93bf2a1b42bd30f125c.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_10.0.19041.1_en-us_64f5aaf4bb13ecef\russian beast nude [bangbus] glans (Curtney).mpg.exe C:\Users\Admin\AppData\Local\Temp\bc63d3a01fec4bd21705747e9e0c6d0b77fbc2ce56d0c93bf2a1b42bd30f125c.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-vsssystemprovider_31bf3856ad364e35_10.0.19041.746_none_292c449ed2edefa3\african blowjob lesbian voyeur circumcision .zip.exe C:\Users\Admin\AppData\Local\Temp\bc63d3a01fec4bd21705747e9e0c6d0b77fbc2ce56d0c93bf2a1b42bd30f125c.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.746_none_b597a55b603b537d\nude handjob [milf] hotel .zip.exe C:\Users\Admin\AppData\Local\Temp\bc63d3a01fec4bd21705747e9e0c6d0b77fbc2ce56d0c93bf2a1b42bd30f125c.exe N/A
File created C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\gay gay lesbian vagina .rar.exe C:\Users\Admin\AppData\Local\Temp\bc63d3a01fec4bd21705747e9e0c6d0b77fbc2ce56d0c93bf2a1b42bd30f125c.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\bc63d3a01fec4bd21705747e9e0c6d0b77fbc2ce56d0c93bf2a1b42bd30f125c.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3944 wrote to memory of 2936 N/A C:\Users\Admin\AppData\Local\Temp\bc63d3a01fec4bd21705747e9e0c6d0b77fbc2ce56d0c93bf2a1b42bd30f125c.exe C:\Users\Admin\AppData\Local\Temp\bc63d3a01fec4bd21705747e9e0c6d0b77fbc2ce56d0c93bf2a1b42bd30f125c.exe
PID 3944 wrote to memory of 1596 N/A C:\Users\Admin\AppData\Local\Temp\bc63d3a01fec4bd21705747e9e0c6d0b77fbc2ce56d0c93bf2a1b42bd30f125c.exe C:\Users\Admin\AppData\Local\Temp\bc63d3a01fec4bd21705747e9e0c6d0b77fbc2ce56d0c93bf2a1b42bd30f125c.exe
PID 2936 wrote to memory of 3548 N/A C:\Users\Admin\AppData\Local\Temp\bc63d3a01fec4bd21705747e9e0c6d0b77fbc2ce56d0c93bf2a1b42bd30f125c.exe C:\Users\Admin\AppData\Local\Temp\bc63d3a01fec4bd21705747e9e0c6d0b77fbc2ce56d0c93bf2a1b42bd30f125c.exe

Processes

C:\Users\Admin\AppData\Local\Temp\bc63d3a01fec4bd21705747e9e0c6d0b77fbc2ce56d0c93bf2a1b42bd30f125c.exe

"C:\Users\Admin\AppData\Local\Temp\bc63d3a01fec4bd21705747e9e0c6d0b77fbc2ce56d0c93bf2a1b42bd30f125c.exe"

C:\Users\Admin\AppData\Local\Temp\bc63d3a01fec4bd21705747e9e0c6d0b77fbc2ce56d0c93bf2a1b42bd30f125c.exe

"C:\Users\Admin\AppData\Local\Temp\bc63d3a01fec4bd21705747e9e0c6d0b77fbc2ce56d0c93bf2a1b42bd30f125c.exe"

C:\Users\Admin\AppData\Local\Temp\bc63d3a01fec4bd21705747e9e0c6d0b77fbc2ce56d0c93bf2a1b42bd30f125c.exe

"C:\Users\Admin\AppData\Local\Temp\bc63d3a01fec4bd21705747e9e0c6d0b77fbc2ce56d0c93bf2a1b42bd30f125c.exe"

C:\Users\Admin\AppData\Local\Temp\bc63d3a01fec4bd21705747e9e0c6d0b77fbc2ce56d0c93bf2a1b42bd30f125c.exe

"C:\Users\Admin\AppData\Local\Temp\bc63d3a01fec4bd21705747e9e0c6d0b77fbc2ce56d0c93bf2a1b42bd30f125c.exe"

Network

Country Destination Domain Proto

Files

memory/3944-0-0x0000000000400000-0x0000000000456000-memory.dmp

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\tyrkish nude voyeur .rar.exe

MD5 3ab936734c44dc04e239e43b5347b5bf
SHA1 94d7a8e5a6a3e53fe34473ec1f8c8d3864f4df6a
SHA256 9dca949aee84e8bb394e7913922bbe981f0f4b1dd83660da071d1a8d4a21f65c
SHA512 e8f388936f599dfc626ffd61b183650f6d176155996aa2fa0b4803545a43e308d1a233e3468b2c126baebdf7e0fbae6593d97ab5ee5000a268e6ba57f8f6fb64

memory/2936-146-0x0000000000400000-0x0000000000456000-memory.dmp

memory/1596-174-0x0000000000400000-0x0000000000456000-memory.dmp

memory/3548-176-0x0000000000400000-0x0000000000456000-memory.dmp

memory/3944-194-0x0000000000400000-0x0000000000456000-memory.dmp

memory/2936-200-0x0000000000400000-0x0000000000456000-memory.dmp

memory/1596-201-0x0000000000400000-0x0000000000456000-memory.dmp

memory/3548-202-0x0000000000400000-0x0000000000456000-memory.dmp