Malware Analysis Report

2024-11-30 04:11

Sample ID 240408-bqbzgscd81
Target c771f41c037acef1afa0d88479474f76c51fe61a1593807ea54c0c5a11af06ac
SHA256 c771f41c037acef1afa0d88479474f76c51fe61a1593807ea54c0c5a11af06ac
Tags: upx, persistence, spyware, stealer
Score: 10/10

Analysis Overview

Threat Level: Known bad

The file c771f41c037acef1afa0d88479474f76c51fe61a1593807ea54c0c5a11af06ac was found to be: Known bad.

Malicious Activity Summary

upx persistence spyware stealer

UPX dump on OEP (original entry point)

Detects executables containing possible sandbox analysis VM usernames

Checks computer location settings

Reads user/profile data of web browsers

UPX packed file

Adds Run key to start application

Enumerates connected drives

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

Unsigned PE

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Analysis: static1

Detonation Overview

Reported

2024-04-08 01:20

Signatures

UPX dump on OEP (original entry point)

UPX packed file

upx

Unsigned PE

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-08 01:20

Reported

2024-04-08 01:23

Platform

win7-20240221-en

Max time kernel

150s

Max time network

152s

Command Line

"C:\Users\Admin\AppData\Local\Temp\c771f41c037acef1afa0d88479474f76c51fe61a1593807ea54c0c5a11af06ac.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

UPX dump on OEP (original entry point)

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\c771f41c037acef1afa0d88479474f76c51fe61a1593807ea54c0c5a11af06ac.exe N/A

Enumerates connected drives

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\c771f41c037acef1afa0d88479474f76c51fe61a1593807ea54c0c5a11af06ac.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c771f41c037acef1afa0d88479474f76c51fe61a1593807ea54c0c5a11af06ac.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c771f41c037acef1afa0d88479474f76c51fe61a1593807ea54c0c5a11af06ac.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\c771f41c037acef1afa0d88479474f76c51fe61a1593807ea54c0c5a11af06ac.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1460 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\c771f41c037acef1afa0d88479474f76c51fe61a1593807ea54c0c5a11af06ac.exe C:\Users\Admin\AppData\Local\Temp\c771f41c037acef1afa0d88479474f76c51fe61a1593807ea54c0c5a11af06ac.exe
PID 1460 wrote to memory of 2400 N/A C:\Users\Admin\AppData\Local\Temp\c771f41c037acef1afa0d88479474f76c51fe61a1593807ea54c0c5a11af06ac.exe C:\Users\Admin\AppData\Local\Temp\c771f41c037acef1afa0d88479474f76c51fe61a1593807ea54c0c5a11af06ac.exe
PID 2624 wrote to memory of 2784 N/A C:\Users\Admin\AppData\Local\Temp\c771f41c037acef1afa0d88479474f76c51fe61a1593807ea54c0c5a11af06ac.exe C:\Users\Admin\AppData\Local\Temp\c771f41c037acef1afa0d88479474f76c51fe61a1593807ea54c0c5a11af06ac.exe

Processes

C:\Users\Admin\AppData\Local\Temp\c771f41c037acef1afa0d88479474f76c51fe61a1593807ea54c0c5a11af06ac.exe

"C:\Users\Admin\AppData\Local\Temp\c771f41c037acef1afa0d88479474f76c51fe61a1593807ea54c0c5a11af06ac.exe"

C:\Users\Admin\AppData\Local\Temp\c771f41c037acef1afa0d88479474f76c51fe61a1593807ea54c0c5a11af06ac.exe

"C:\Users\Admin\AppData\Local\Temp\c771f41c037acef1afa0d88479474f76c51fe61a1593807ea54c0c5a11af06ac.exe"

C:\Users\Admin\AppData\Local\Temp\c771f41c037acef1afa0d88479474f76c51fe61a1593807ea54c0c5a11af06ac.exe

"C:\Users\Admin\AppData\Local\Temp\c771f41c037acef1afa0d88479474f76c51fe61a1593807ea54c0c5a11af06ac.exe"

C:\Users\Admin\AppData\Local\Temp\c771f41c037acef1afa0d88479474f76c51fe61a1593807ea54c0c5a11af06ac.exe

"C:\Users\Admin\AppData\Local\Temp\c771f41c037acef1afa0d88479474f76c51fe61a1593807ea54c0c5a11af06ac.exe"

Network

Country Destination Domain Proto

Files

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\blowjob big (Tatjana).avi.exe

MD5 f94a8de47fb16915655fa7471ec594b7
SHA1 701e59e8b6a1db75c5cae8b5092d84b9ae48f8c6
SHA256 b2a27f4ce87adbd876cedd47d2926f8193575185bcd1393f027c26a2c1c08e52
SHA512 111c40f708e87e13b857fdf72da5636a81d1462a1f59e4fe3747229588426d7970344ca4341e041d4c9db311b8975f3ad0bc099875dab9d7c855a0bbabf3fbd9


Analysis: behavioral2

Detonation Overview

Submitted

2024-04-08 01:20

Reported

2024-04-08 01:23

Platform

win10v2004-20240226-en

Max time kernel

150s

Max time network

154s

Command Line

"C:\Users\Admin\AppData\Local\Temp\c771f41c037acef1afa0d88479474f76c51fe61a1593807ea54c0c5a11af06ac.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

Description Indicator Process Target
N/A N/A N/A N/A

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\c771f41c037acef1afa0d88479474f76c51fe61a1593807ea54c0c5a11af06ac.exe N/A

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\c771f41c037acef1afa0d88479474f76c51fe61a1593807ea54c0c5a11af06ac.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\c771f41c037acef1afa0d88479474f76c51fe61a1593807ea54c0c5a11af06ac.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\c771f41c037acef1afa0d88479474f76c51fe61a1593807ea54c0c5a11af06ac.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\c771f41c037acef1afa0d88479474f76c51fe61a1593807ea54c0c5a11af06ac.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\c771f41c037acef1afa0d88479474f76c51fe61a1593807ea54c0c5a11af06ac.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\c771f41c037acef1afa0d88479474f76c51fe61a1593807ea54c0c5a11af06ac.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\c771f41c037acef1afa0d88479474f76c51fe61a1593807ea54c0c5a11af06ac.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\c771f41c037acef1afa0d88479474f76c51fe61a1593807ea54c0c5a11af06ac.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\c771f41c037acef1afa0d88479474f76c51fe61a1593807ea54c0c5a11af06ac.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\c771f41c037acef1afa0d88479474f76c51fe61a1593807ea54c0c5a11af06ac.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\c771f41c037acef1afa0d88479474f76c51fe61a1593807ea54c0c5a11af06ac.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\c771f41c037acef1afa0d88479474f76c51fe61a1593807ea54c0c5a11af06ac.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\c771f41c037acef1afa0d88479474f76c51fe61a1593807ea54c0c5a11af06ac.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\c771f41c037acef1afa0d88479474f76c51fe61a1593807ea54c0c5a11af06ac.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\c771f41c037acef1afa0d88479474f76c51fe61a1593807ea54c0c5a11af06ac.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\c771f41c037acef1afa0d88479474f76c51fe61a1593807ea54c0c5a11af06ac.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\c771f41c037acef1afa0d88479474f76c51fe61a1593807ea54c0c5a11af06ac.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\c771f41c037acef1afa0d88479474f76c51fe61a1593807ea54c0c5a11af06ac.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\c771f41c037acef1afa0d88479474f76c51fe61a1593807ea54c0c5a11af06ac.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\c771f41c037acef1afa0d88479474f76c51fe61a1593807ea54c0c5a11af06ac.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\c771f41c037acef1afa0d88479474f76c51fe61a1593807ea54c0c5a11af06ac.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\c771f41c037acef1afa0d88479474f76c51fe61a1593807ea54c0c5a11af06ac.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\c771f41c037acef1afa0d88479474f76c51fe61a1593807ea54c0c5a11af06ac.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\c771f41c037acef1afa0d88479474f76c51fe61a1593807ea54c0c5a11af06ac.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\config\systemprofile\hardcore horse [milf] .mpeg.exe C:\Users\Admin\AppData\Local\Temp\c771f41c037acef1afa0d88479474f76c51fe61a1593807ea54c0c5a11af06ac.exe N/A
File created C:\Windows\System32\DriverStore\Temp\swedish gay blowjob several models sm (Sandy,Kathrin).avi.exe C:\Users\Admin\AppData\Local\Temp\c771f41c037acef1afa0d88479474f76c51fe61a1593807ea54c0c5a11af06ac.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\xxx fetish girls (Samantha,Kathrin).mpg.exe C:\Users\Admin\AppData\Local\Temp\c771f41c037acef1afa0d88479474f76c51fe61a1593807ea54c0c5a11af06ac.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\porn kicking girls high heels .zip.exe C:\Users\Admin\AppData\Local\Temp\c771f41c037acef1afa0d88479474f76c51fe61a1593807ea54c0c5a11af06ac.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\malaysia lesbian lesbian [free] hairy .mpg.exe C:\Users\Admin\AppData\Local\Temp\c771f41c037acef1afa0d88479474f76c51fe61a1593807ea54c0c5a11af06ac.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\spanish gay handjob hidden (Samantha,Jade).mpg.exe C:\Users\Admin\AppData\Local\Temp\c771f41c037acef1afa0d88479474f76c51fe61a1593807ea54c0c5a11af06ac.exe N/A
File created C:\Windows\SysWOW64\IME\SHARED\horse horse sleeping (Karin,Sonja).mpg.exe C:\Users\Admin\AppData\Local\Temp\c771f41c037acef1afa0d88479474f76c51fe61a1593807ea54c0c5a11af06ac.exe N/A
File created C:\Windows\System32\LogFiles\Fax\Incoming\bukkake public sweet .mpg.exe C:\Users\Admin\AppData\Local\Temp\c771f41c037acef1afa0d88479474f76c51fe61a1593807ea54c0c5a11af06ac.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\hardcore catfight (Britney).zip.exe C:\Users\Admin\AppData\Local\Temp\c771f41c037acef1afa0d88479474f76c51fe61a1593807ea54c0c5a11af06ac.exe N/A
File created C:\Windows\SysWOW64\IME\SHARED\horse several models feet gorgeoushorny .rar.exe C:\Users\Admin\AppData\Local\Temp\c771f41c037acef1afa0d88479474f76c51fe61a1593807ea54c0c5a11af06ac.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\danish bukkake public .mpeg.exe C:\Users\Admin\AppData\Local\Temp\c771f41c037acef1afa0d88479474f76c51fe61a1593807ea54c0c5a11af06ac.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\japanese porn kicking masturbation .rar.exe C:\Users\Admin\AppData\Local\Temp\c771f41c037acef1afa0d88479474f76c51fe61a1593807ea54c0c5a11af06ac.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\spanish gang bang full movie (Jade,Anniston).mpg.exe C:\Users\Admin\AppData\Local\Temp\c771f41c037acef1afa0d88479474f76c51fe61a1593807ea54c0c5a11af06ac.exe N/A
File created C:\Program Files\Windows Sidebar\Shared Gadgets\indian lesbian action [bangbus] shower .mpg.exe C:\Users\Admin\AppData\Local\Temp\c771f41c037acef1afa0d88479474f76c51fe61a1593807ea54c0c5a11af06ac.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\chinese gay bukkake hidden mistress .mpg.exe C:\Users\Admin\AppData\Local\Temp\c771f41c037acef1afa0d88479474f76c51fe61a1593807ea54c0c5a11af06ac.exe N/A
File created C:\Program Files\dotnet\shared\asian xxx catfight (Melissa,Kathrin).mpeg.exe C:\Users\Admin\AppData\Local\Temp\c771f41c037acef1afa0d88479474f76c51fe61a1593807ea54c0c5a11af06ac.exe N/A
File created C:\Program Files\Microsoft Office\Updates\Download\blowjob bukkake sleeping feet .mpeg.exe C:\Users\Admin\AppData\Local\Temp\c771f41c037acef1afa0d88479474f76c51fe61a1593807ea54c0c5a11af06ac.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\danish gay sperm [free] (Jade).mpeg.exe C:\Users\Admin\AppData\Local\Temp\c771f41c037acef1afa0d88479474f76c51fe61a1593807ea54c0c5a11af06ac.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\swedish bukkake uncut mature .avi.exe C:\Users\Admin\AppData\Local\Temp\c771f41c037acef1afa0d88479474f76c51fe61a1593807ea54c0c5a11af06ac.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\british animal cumshot [milf] high heels .mpeg.exe C:\Users\Admin\AppData\Local\Temp\c771f41c037acef1afa0d88479474f76c51fe61a1593807ea54c0c5a11af06ac.exe N/A
File created C:\Program Files\Microsoft Office\root\Templates\african handjob beastiality sleeping boobs hotel .mpeg.exe C:\Users\Admin\AppData\Local\Temp\c771f41c037acef1afa0d88479474f76c51fe61a1593807ea54c0c5a11af06ac.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\porn gang bang big ash .zip.exe C:\Users\Admin\AppData\Local\Temp\c771f41c037acef1afa0d88479474f76c51fe61a1593807ea54c0c5a11af06ac.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\chinese gay gay lesbian .mpeg.exe C:\Users\Admin\AppData\Local\Temp\c771f41c037acef1afa0d88479474f76c51fe61a1593807ea54c0c5a11af06ac.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\fetish handjob full movie ash fishy (Sonja,Karin).rar.exe C:\Users\Admin\AppData\Local\Temp\c771f41c037acef1afa0d88479474f76c51fe61a1593807ea54c0c5a11af06ac.exe N/A
File created C:\Program Files (x86)\Google\Temp\horse lesbian catfight legs penetration .zip.exe C:\Users\Admin\AppData\Local\Temp\c771f41c037acef1afa0d88479474f76c51fe61a1593807ea54c0c5a11af06ac.exe N/A
File created C:\Program Files (x86)\Google\Update\Download\sperm trambling licking swallow .zip.exe C:\Users\Admin\AppData\Local\Temp\c771f41c037acef1afa0d88479474f76c51fe61a1593807ea54c0c5a11af06ac.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\horse bukkake [milf] hole gorgeoushorny .zip.exe C:\Users\Admin\AppData\Local\Temp\c771f41c037acef1afa0d88479474f76c51fe61a1593807ea54c0c5a11af06ac.exe N/A
File created C:\Program Files\Common Files\microsoft shared\porn lesbian boobs (Liz).avi.exe C:\Users\Admin\AppData\Local\Temp\c771f41c037acef1afa0d88479474f76c51fe61a1593807ea54c0c5a11af06ac.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\japanese gang bang big castration .zip.exe C:\Users\Admin\AppData\Local\Temp\c771f41c037acef1afa0d88479474f76c51fe61a1593807ea54c0c5a11af06ac.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\american beastiality hardcore uncut black hairunshaved .avi.exe C:\Users\Admin\AppData\Local\Temp\c771f41c037acef1afa0d88479474f76c51fe61a1593807ea54c0c5a11af06ac.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_14c898cc82025c76\indian gang bang hot (!) sweet .rar.exe C:\Users\Admin\AppData\Local\Temp\c771f41c037acef1afa0d88479474f76c51fe61a1593807ea54c0c5a11af06ac.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..mon-sharedresources_31bf3856ad364e35_10.0.19041.1_none_5417ea1f38dbb76b\russian hardcore horse hot (!) boobs traffic (Liz,Sarah).mpeg.exe C:\Users\Admin\AppData\Local\Temp\c771f41c037acef1afa0d88479474f76c51fe61a1593807ea54c0c5a11af06ac.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_10.0.19041.1_en-us_64f5aaf4bb13ecef\xxx fucking big pregnant .avi.exe C:\Users\Admin\AppData\Local\Temp\c771f41c037acef1afa0d88479474f76c51fe61a1593807ea54c0c5a11af06ac.exe N/A
File created C:\Windows\WinSxS\amd64_netfx-aspnet-sharedcomponents_b03f5f7f11d50a3a_4.0.19041.1_none_47ca94859da20b28\german nude licking Ôï (Sarah).avi.exe C:\Users\Admin\AppData\Local\Temp\c771f41c037acef1afa0d88479474f76c51fe61a1593807ea54c0c5a11af06ac.exe N/A
File created C:\Windows\WinSxS\amd64_netfx4-_dataoraclec.._shared12_neutral_h_b03f5f7f11d50a3a_4.0.15805.0_none_3b8d4dacc2ea6b71\swedish sperm lingerie lesbian (Curtney).mpg.exe C:\Users\Admin\AppData\Local\Temp\c771f41c037acef1afa0d88479474f76c51fe61a1593807ea54c0c5a11af06ac.exe N/A
File created C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\brasilian fucking action [free] pregnant .rar.exe C:\Users\Admin\AppData\Local\Temp\c771f41c037acef1afa0d88479474f76c51fe61a1593807ea54c0c5a11af06ac.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1_none_2426cc56d654beaa\cum big glans .rar.exe C:\Users\Admin\AppData\Local\Temp\c771f41c037acef1afa0d88479474f76c51fe61a1593807ea54c0c5a11af06ac.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.1_none_9aa486d790131d4e\tyrkish action hardcore lesbian blondie (Sonja).zip.exe C:\Users\Admin\AppData\Local\Temp\c771f41c037acef1afa0d88479474f76c51fe61a1593807ea54c0c5a11af06ac.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-sx-shared_31bf3856ad364e35_10.0.19041.1_none_f8e978b0ed48a6bb\xxx licking .rar.exe C:\Users\Admin\AppData\Local\Temp\c771f41c037acef1afa0d88479474f76c51fe61a1593807ea54c0c5a11af06ac.exe N/A
File created C:\Windows\SoftwareDistribution\Download\SharedFileCache\french animal several models ¼ë .avi.exe C:\Users\Admin\AppData\Local\Temp\c771f41c037acef1afa0d88479474f76c51fe61a1593807ea54c0c5a11af06ac.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_7860bee9439c3ae7\fetish uncut .zip.exe C:\Users\Admin\AppData\Local\Temp\c771f41c037acef1afa0d88479474f76c51fe61a1593807ea54c0c5a11af06ac.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.1266_none_7916f7558927ae23\porn big balls .mpg.exe C:\Users\Admin\AppData\Local\Temp\c771f41c037acef1afa0d88479474f76c51fe61a1593807ea54c0c5a11af06ac.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_es-es_e5c3ad79c4e34ebb\asian fucking hot (!) cock sweet (Liz,Kathrin).mpg.exe C:\Users\Admin\AppData\Local\Temp\c771f41c037acef1afa0d88479474f76c51fe61a1593807ea54c0c5a11af06ac.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..ces-ime-eashared-lm_31bf3856ad364e35_10.0.19041.1_none_4756d423b091d10b\spanish fucking catfight cock shower .mpeg.exe C:\Users\Admin\AppData\Local\Temp\c771f41c037acef1afa0d88479474f76c51fe61a1593807ea54c0c5a11af06ac.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..templates.resources_31bf3856ad364e35_10.0.19041.1_it-it_1a80ce63d483fe70\sperm cum voyeur ejaculation (Jenna,Sarah).zip.exe C:\Users\Admin\AppData\Local\Temp\c771f41c037acef1afa0d88479474f76c51fe61a1593807ea54c0c5a11af06ac.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..templates.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_bca64d70c79f104b\brasilian lingerie big titts black hairunshaved (Sandy).mpeg.exe C:\Users\Admin\AppData\Local\Temp\c771f41c037acef1afa0d88479474f76c51fe61a1593807ea54c0c5a11af06ac.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.546_none_cd016aa683e5a345\japanese handjob girls ash blondie (Britney).rar.exe C:\Users\Admin\AppData\Local\Temp\c771f41c037acef1afa0d88479474f76c51fe61a1593807ea54c0c5a11af06ac.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_en-us_310bfb76047869ad\nude action [milf] lady (Sylvia).mpeg.exe C:\Users\Admin\AppData\Local\Temp\c771f41c037acef1afa0d88479474f76c51fe61a1593807ea54c0c5a11af06ac.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_de-de_21122d7205c6f5b9\bukkake trambling sleeping bedroom .mpeg.exe C:\Users\Admin\AppData\Local\Temp\c771f41c037acef1afa0d88479474f76c51fe61a1593807ea54c0c5a11af06ac.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\c771f41c037acef1afa0d88479474f76c51fe61a1593807ea54c0c5a11af06ac.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1100 wrote to memory of 4472 N/A C:\Users\Admin\AppData\Local\Temp\c771f41c037acef1afa0d88479474f76c51fe61a1593807ea54c0c5a11af06ac.exe C:\Users\Admin\AppData\Local\Temp\c771f41c037acef1afa0d88479474f76c51fe61a1593807ea54c0c5a11af06ac.exe
PID 1100 wrote to memory of 1828 N/A C:\Users\Admin\AppData\Local\Temp\c771f41c037acef1afa0d88479474f76c51fe61a1593807ea54c0c5a11af06ac.exe C:\Users\Admin\AppData\Local\Temp\c771f41c037acef1afa0d88479474f76c51fe61a1593807ea54c0c5a11af06ac.exe
PID 4472 wrote to memory of 1568 N/A C:\Users\Admin\AppData\Local\Temp\c771f41c037acef1afa0d88479474f76c51fe61a1593807ea54c0c5a11af06ac.exe C:\Users\Admin\AppData\Local\Temp\c771f41c037acef1afa0d88479474f76c51fe61a1593807ea54c0c5a11af06ac.exe

Processes

C:\Users\Admin\AppData\Local\Temp\c771f41c037acef1afa0d88479474f76c51fe61a1593807ea54c0c5a11af06ac.exe

"C:\Users\Admin\AppData\Local\Temp\c771f41c037acef1afa0d88479474f76c51fe61a1593807ea54c0c5a11af06ac.exe"

C:\Users\Admin\AppData\Local\Temp\c771f41c037acef1afa0d88479474f76c51fe61a1593807ea54c0c5a11af06ac.exe

"C:\Users\Admin\AppData\Local\Temp\c771f41c037acef1afa0d88479474f76c51fe61a1593807ea54c0c5a11af06ac.exe"

C:\Users\Admin\AppData\Local\Temp\c771f41c037acef1afa0d88479474f76c51fe61a1593807ea54c0c5a11af06ac.exe

"C:\Users\Admin\AppData\Local\Temp\c771f41c037acef1afa0d88479474f76c51fe61a1593807ea54c0c5a11af06ac.exe"

C:\Users\Admin\AppData\Local\Temp\c771f41c037acef1afa0d88479474f76c51fe61a1593807ea54c0c5a11af06ac.exe

"C:\Users\Admin\AppData\Local\Temp\c771f41c037acef1afa0d88479474f76c51fe61a1593807ea54c0c5a11af06ac.exe"

Network

Country Destination Domain Proto

Files

memory/1100-0-0x0000000000400000-0x000000000041E000-memory.dmp

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\porn gang bang big ash .zip.exe

MD5 2e54ca0e6c106d637a69c43c27d6770e
SHA1 3450b98e4f3696436eed803778e8848b234f48d3
SHA256 a585522be5c98f0870651fa9320761dbf8887ece9f09cf4c7d5d9343f161727f
SHA512 a2d674cf0f382d451b5e25e067e4ab71841f278fd27ec282ca158e5f0a86fb07671b4e2b02e972986614fc42321fdb92882b33d0e1de57e4ccd370a8f5785c45
