Malware Analysis Report

2024-11-30 04:08

Sample ID 240408-ba19fabh94
Target bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae
SHA256 bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae
Tags
persistence spyware stealer upx
score
10/10

Analysis Overview

score
10/10

SHA256

bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae

Threat Level: Known bad

The file bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae was found to be: Known bad.

Malicious Activity Summary

persistence spyware stealer upx

UPX dump on OEP (original entry point)

Detects executables containing possible sandbox analysis VM usernames

Checks computer location settings

UPX packed file

Reads user/profile data of web browsers

Adds Run key to start application

Enumerates connected drives

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

Enumerates physical storage devices

Unsigned PE

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-04-08 00:57

Signatures

UPX dump on OEP (original entry point)

UPX packed file

upx

Unsigned PE

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-08 00:57

Reported

2024-04-08 00:59

Platform

win7-20231129-en

Max time kernel

150s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

UPX dump on OEP (original entry point)

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe N/A

Enumerates connected drives

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2232 wrote to memory of 2812 N/A C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe
PID 2812 wrote to memory of 2924 N/A C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe

Processes

C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe

"C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe"

C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe

"C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe"

C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe

"C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe"

Network

Country Destination Domain Proto

Files


C:\Program Files\Windows Sidebar\Shared Gadgets\tyrkish porn fucking public .zip.exe

MD5 bf01463b918ed8ad00ad1c653e265880
SHA1 5d3812b37271425005b6d20b4fe64119c4ea1257
SHA256 b9826ae9f77fcfbbd638b989f233458db6cd0cdf1307b42f0e7a235832546133
SHA512 501d64df771e14d5f0738ec4888fb739d9da8bfb1a98fa29901b62a2421c9347018af371f4f481c18a53719032b96b8357ceb8461e1c535ade3ae465109fde5c


Analysis: behavioral2

Detonation Overview

Submitted

2024-04-08 00:57

Reported

2024-04-08 00:59

Platform

win10v2004-20240226-en

Max time kernel

150s

Max time network

147s

Command Line

"C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

Description Indicator Process Target
N/A N/A N/A N/A

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe N/A

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\Temp\american cumshot beast masturbation mistress .avi.exe C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe N/A
File created C:\Windows\SysWOW64\IME\SHARED\cumshot [bangbus] cock swallow .avi.exe C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\fucking full movie vagina hairy (Melissa).mpeg.exe C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\black action gay hot (!) girly .mpg.exe C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe N/A
File created C:\Windows\SysWOW64\IME\SHARED\handjob sperm public hole (Sandy).avi.exe C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\gang bang full movie nipples bondage .zip.exe C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\bukkake [bangbus] hole (Jenna).zip.exe C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\british gang bang licking nipples .mpeg.exe C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\canadian fetish lingerie [bangbus] girly .avi.exe C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe N/A
File created C:\Windows\System32\LogFiles\Fax\Incoming\handjob several models .mpg.exe C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\hardcore masturbation feet (Anniston,Britney).mpg.exe C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\german fucking [free] .mpeg.exe C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Microsoft Office\root\Templates\blowjob hardcore voyeur stockings .rar.exe C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\bukkake [bangbus] \Û .mpg.exe C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe N/A
File created C:\Program Files\Microsoft Office\Updates\Download\handjob [milf] nipples .rar.exe C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\gay [free] .mpeg.exe C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe N/A
File created C:\Program Files\dotnet\shared\asian lingerie hot (!) cock mistress .mpeg.exe C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\nude handjob [milf] high heels .mpg.exe C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\nude kicking [milf] .rar.exe C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\horse animal [bangbus] (Sonja,Jenna).mpg.exe C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\swedish fetish horse hidden granny .rar.exe C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe N/A
File created C:\Program Files\Common Files\microsoft shared\malaysia hardcore licking hotel (Kathrin,Melissa).mpg.exe C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\norwegian bukkake porn [bangbus] cock .mpeg.exe C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe N/A
File created C:\Program Files (x86)\Google\Temp\spanish gang bang uncut high heels (Tatjana).mpg.exe C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe N/A
File created C:\Program Files (x86)\Google\Update\Download\british blowjob voyeur cock (Ashley,Melissa).avi.exe C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\lingerie big (Samantha).zip.exe C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe N/A
File created C:\Program Files\Windows Sidebar\Shared Gadgets\lingerie [free] young .mpeg.exe C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\russian lesbian cum full movie hotel .mpeg.exe C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\xxx lingerie sleeping penetration (Jenna,Britney).mpeg.exe C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\indian cumshot masturbation mature .rar.exe C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_it-it_72a319bf8ee74a9b\fetish beast full movie upskirt .mpg.exe C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.546_none_cd016aa683e5a345\horse full movie .rar.exe C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe N/A
File created C:\Windows\ServiceProfiles\LocalService\Downloads\horse full movie .mpg.exe C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_10.0.19041.1_none_a3d9a07cf2290837\japanese blowjob [bangbus] pregnant .mpg.exe C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-t..ervices-tsfairshare_31bf3856ad364e35_10.0.19041.746_none_0b33a1c93a22de1c\swedish cumshot porn sleeping titts (Karin).zip.exe C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-sx-shared_31bf3856ad364e35_10.0.19041.1_none_f8e978b0ed48a6bb\bukkake blowjob several models bondage .mpeg.exe C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-s..ty-kerbclientshared_31bf3856ad364e35_10.0.19041.1288_none_6115038ba57fcb33\american nude handjob [bangbus] pregnant .mpeg.exe C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-s..ty-kerbclientshared_31bf3856ad364e35_10.0.19041.1_none_a23e6a858fad9595\sperm animal sleeping fishy .rar.exe C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe N/A
File created C:\Windows\security\templates\malaysia fucking licking .mpg.exe C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.1_none_fa09f84703cb02c5\brasilian nude cum voyeur balls .zip.exe C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.1_none_9aa486d790131d4e\japanese beast [milf] (Anniston,Sonja).rar.exe C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-t..boration-sharer-api_31bf3856ad364e35_10.0.19041.746_none_aaeae146be52e178\swedish horse voyeur ejaculation .avi.exe C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-t..boration-sharer-api_31bf3856ad364e35_10.0.19041.84_none_c494b3b28da10665\italian bukkake [bangbus] feet (Sylvia).zip.exe C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-u..ell-sharedutilities_31bf3856ad364e35_10.0.19041.546_none_a93e4a2569276206\american bukkake hardcore several models nipples mistress (Jenna,Sonja).avi.exe C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.906_none_f962ab5f47e1e896\chinese porn animal girls (Jade,Britney).rar.exe C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.867_none_c29826784f9429f8\xxx [free] bondage .mpeg.exe C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe N/A
File created C:\Windows\WinSxS\amd64_netfx4-_dataperfcou.._shared12_neutral_h_b03f5f7f11d50a3a_4.0.15805.0_none_24ed4511dcc3019e\japanese sperm fetish licking .mpg.exe C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_10.0.19041.1_none_551afa5edf8be30e\japanese cumshot trambling [milf] YEâPSè& (Jade).zip.exe C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\asian porn lesbian girls sm (Janette).avi.exe C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..templates.resources_31bf3856ad364e35_10.0.19041.1_it-it_1a80ce63d483fe70\norwegian xxx [milf] ash mistress .mpeg.exe C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe N/A
File created C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\templates\handjob hot (!) .zip.exe C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_c3d467c525734eb3\norwegian fucking licking feet .zip.exe C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..-kf-commondownloads_31bf3856ad364e35_10.0.19041.1_none_a914e3e3f19ceda1\swedish lesbian hidden titts black hairunshaved (Melissa).rar.exe C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5021dd18efc0460c\fetish lesbian balls .mpeg.exe C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_en-us_e5f85095c4bc5d16\canadian horse [bangbus] glans penetration .mpeg.exe C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..templates.resources_31bf3856ad364e35_10.0.19041.1_de-de_e4e52f411b7b0526\lesbian masturbation hotel .mpeg.exe C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3576 wrote to memory of 3484 N/A C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe
PID 3484 wrote to memory of 3832 N/A C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe

Processes

C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe

"C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe"

C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe

"C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe"

C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe

"C:\Users\Admin\AppData\Local\Temp\bdb83da3ad73617ed88cdebcbb964ccb5ad238262331b161bc4f1a72781587ae.exe"

Network

Country Destination Domain Proto

Files

memory/3576-0-0x0000000000400000-0x000000000041E000-memory.dmp

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\nude handjob [milf] high heels .mpg.exe

MD5 2aa2b374871931b03a16552679f4eb1d
SHA1 90006c41cab6fe64db6717b40bf843c7e272e46b
SHA256 e419bf3382823c1f879bae5ac0160a454a3c0cea82d1fa5434ca15c49f0b841e
SHA512 9c1b3af180a10062a3925aa38d1a58859bf342198b2861b7fa47f1c9b0a6340cc4a68d18d07c0ab933cd72e71921d3c973d0d4f3691f1c3837b3e2f9c1f712a2
