Malware Analysis Report

2025-08-06 00:44

Sample ID 240403-w4jayahc99
Target 0a8eff6adb55385aca0514565ac83b24078e1e2979b6544d51a3c89d06abadb5
SHA256 0a8eff6adb55385aca0514565ac83b24078e1e2979b6544d51a3c89d06abadb5
Tags
persistence spyware stealer
score
10/10

Analysis Overview

score
10/10

SHA256

0a8eff6adb55385aca0514565ac83b24078e1e2979b6544d51a3c89d06abadb5

Threat Level: Known bad

The file 0a8eff6adb55385aca0514565ac83b24078e1e2979b6544d51a3c89d06abadb5 was found to be: Known bad.

Malicious Activity Summary

persistence spyware stealer

Detects executables containing possible sandbox analysis VM usernames

Reads user/profile data of web browsers

Checks computer location settings

Adds Run key to start application

Enumerates connected drives

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

Unsigned PE

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-04-03 18:28

Signatures

Detects executables containing possible sandbox analysis VM usernames

Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-03 18:28

Reported

2024-04-03 18:31

Platform

win7-20240221-en

Max time kernel

150s

Max time network

146s

Command Line

"C:\Users\Admin\AppData\Local\Temp\0a8eff6adb55385aca0514565ac83b24078e1e2979b6544d51a3c89d06abadb5.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

Description Indicator Process Target
N/A N/A N/A N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\0a8eff6adb55385aca0514565ac83b24078e1e2979b6544d51a3c89d06abadb5.exe N/A

Enumerates connected drives


Drops file in System32 directory


Drops file in Program Files directory


Drops file in Windows directory


Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\0a8eff6adb55385aca0514565ac83b24078e1e2979b6544d51a3c89d06abadb5.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0a8eff6adb55385aca0514565ac83b24078e1e2979b6544d51a3c89d06abadb5.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0a8eff6adb55385aca0514565ac83b24078e1e2979b6544d51a3c89d06abadb5.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0a8eff6adb55385aca0514565ac83b24078e1e2979b6544d51a3c89d06abadb5.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0a8eff6adb55385aca0514565ac83b24078e1e2979b6544d51a3c89d06abadb5.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0a8eff6adb55385aca0514565ac83b24078e1e2979b6544d51a3c89d06abadb5.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0a8eff6adb55385aca0514565ac83b24078e1e2979b6544d51a3c89d06abadb5.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0a8eff6adb55385aca0514565ac83b24078e1e2979b6544d51a3c89d06abadb5.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0a8eff6adb55385aca0514565ac83b24078e1e2979b6544d51a3c89d06abadb5.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0a8eff6adb55385aca0514565ac83b24078e1e2979b6544d51a3c89d06abadb5.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0a8eff6adb55385aca0514565ac83b24078e1e2979b6544d51a3c89d06abadb5.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0a8eff6adb55385aca0514565ac83b24078e1e2979b6544d51a3c89d06abadb5.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0a8eff6adb55385aca0514565ac83b24078e1e2979b6544d51a3c89d06abadb5.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0a8eff6adb55385aca0514565ac83b24078e1e2979b6544d51a3c89d06abadb5.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2612 wrote to memory of 2440 N/A C:\Users\Admin\AppData\Local\Temp\0a8eff6adb55385aca0514565ac83b24078e1e2979b6544d51a3c89d06abadb5.exe C:\Users\Admin\AppData\Local\Temp\0a8eff6adb55385aca0514565ac83b24078e1e2979b6544d51a3c89d06abadb5.exe
PID 2440 wrote to memory of 2152 N/A C:\Users\Admin\AppData\Local\Temp\0a8eff6adb55385aca0514565ac83b24078e1e2979b6544d51a3c89d06abadb5.exe C:\Users\Admin\AppData\Local\Temp\0a8eff6adb55385aca0514565ac83b24078e1e2979b6544d51a3c89d06abadb5.exe

Processes

C:\Users\Admin\AppData\Local\Temp\0a8eff6adb55385aca0514565ac83b24078e1e2979b6544d51a3c89d06abadb5.exe

"C:\Users\Admin\AppData\Local\Temp\0a8eff6adb55385aca0514565ac83b24078e1e2979b6544d51a3c89d06abadb5.exe"

C:\Users\Admin\AppData\Local\Temp\0a8eff6adb55385aca0514565ac83b24078e1e2979b6544d51a3c89d06abadb5.exe

"C:\Users\Admin\AppData\Local\Temp\0a8eff6adb55385aca0514565ac83b24078e1e2979b6544d51a3c89d06abadb5.exe"

C:\Users\Admin\AppData\Local\Temp\0a8eff6adb55385aca0514565ac83b24078e1e2979b6544d51a3c89d06abadb5.exe

"C:\Users\Admin\AppData\Local\Temp\0a8eff6adb55385aca0514565ac83b24078e1e2979b6544d51a3c89d06abadb5.exe"

Network

Country Destination Domain Proto

Files

C:\Program Files\Windows Sidebar\Shared Gadgets\african blowjob lingerie sleeping vagina (Samantha,Samantha).rar.exe

MD5 9bf31c43268ae5510affa834a598cede
SHA1 a9c3faa3085ac7da775308db29b10d0af5cea49b
SHA256 40e23f72ac66a528ec1008fc8ff80888d36b97ac4255b62d2577693b4a4557ba
SHA512 c0c768ec50eaee2a876f2ef3aa5b0e5a328c68695abe704b95481cd64863e0c210f655231f8cd61e72c3f6e33226a37db63bc2ea0e165797f0f66bb23df15269

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-03 18:28

Reported

2024-04-03 18:31

Platform

win10v2004-20231215-en

Max time kernel

150s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\0a8eff6adb55385aca0514565ac83b24078e1e2979b6544d51a3c89d06abadb5.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

Description Indicator Process Target
N/A N/A N/A N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\0a8eff6adb55385aca0514565ac83b24078e1e2979b6544d51a3c89d06abadb5.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\0a8eff6adb55385aca0514565ac83b24078e1e2979b6544d51a3c89d06abadb5.exe N/A

Enumerates connected drives

Description Indicator Process Target

Drops file in System32 directory

Description Indicator Process Target

Drops file in Program Files directory

Description Indicator Process Target

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.1_none_9aa486d790131d4e\handjob lesbian big castration .zip.exe C:\Users\Admin\AppData\Local\Temp\0a8eff6adb55385aca0514565ac83b24078e1e2979b6544d51a3c89d06abadb5.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_89c0bf1761110f07\blowjob catfight stockings (Sandy,Karin).zip.exe C:\Users\Admin\AppData\Local\Temp\0a8eff6adb55385aca0514565ac83b24078e1e2979b6544d51a3c89d06abadb5.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..templates.resources_31bf3856ad364e35_10.0.19041.1_en-us_8dd6053a0a5910eb\horse gay hot (!) redhair .avi.exe C:\Users\Admin\AppData\Local\Temp\0a8eff6adb55385aca0514565ac83b24078e1e2979b6544d51a3c89d06abadb5.exe N/A
File created C:\Windows\WinSxS\amd64_netfx4-_dataperfcou.._shared12_neutral_h_b03f5f7f11d50a3a_4.0.15805.0_none_24ed4511dcc3019e\malaysia lingerie masturbation Ôï (Gina,Janette).avi.exe C:\Users\Admin\AppData\Local\Temp\0a8eff6adb55385aca0514565ac83b24078e1e2979b6544d51a3c89d06abadb5.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-u..ell-sharedutilities_31bf3856ad364e35_10.0.19041.546_none_a93e4a2569276206\trambling lesbian .rar.exe C:\Users\Admin\AppData\Local\Temp\0a8eff6adb55385aca0514565ac83b24078e1e2979b6544d51a3c89d06abadb5.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_10.0.19041.1_none_a3d9a07cf2290837\american gang bang blowjob [milf] hole (Sonja,Sarah).mpg.exe C:\Users\Admin\AppData\Local\Temp\0a8eff6adb55385aca0514565ac83b24078e1e2979b6544d51a3c89d06abadb5.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-m..ineshared.resources_31bf3856ad364e35_10.0.19041.1_en-us_99ddc8ce8d3d6dac\asian hardcore public glans penetration .avi.exe C:\Users\Admin\AppData\Local\Temp\0a8eff6adb55385aca0514565ac83b24078e1e2979b6544d51a3c89d06abadb5.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.1_none_8d8f6812a0c99533\kicking fucking [bangbus] .rar.exe C:\Users\Admin\AppData\Local\Temp\0a8eff6adb55385aca0514565ac83b24078e1e2979b6544d51a3c89d06abadb5.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-sharedaccess_31bf3856ad364e35_10.0.19041.1_none_c513167c1d0a90dd\danish cum lingerie uncut mature .zip.exe C:\Users\Admin\AppData\Local\Temp\0a8eff6adb55385aca0514565ac83b24078e1e2979b6544d51a3c89d06abadb5.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.1_none_a7ad1894592cfa12\horse fucking [bangbus] cock .avi.exe C:\Users\Admin\AppData\Local\Temp\0a8eff6adb55385aca0514565ac83b24078e1e2979b6544d51a3c89d06abadb5.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\0a8eff6adb55385aca0514565ac83b24078e1e2979b6544d51a3c89d06abadb5.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1580 wrote to memory of 4732 N/A C:\Users\Admin\AppData\Local\Temp\0a8eff6adb55385aca0514565ac83b24078e1e2979b6544d51a3c89d06abadb5.exe C:\Users\Admin\AppData\Local\Temp\0a8eff6adb55385aca0514565ac83b24078e1e2979b6544d51a3c89d06abadb5.exe
PID 4732 wrote to memory of 1340 N/A C:\Users\Admin\AppData\Local\Temp\0a8eff6adb55385aca0514565ac83b24078e1e2979b6544d51a3c89d06abadb5.exe C:\Users\Admin\AppData\Local\Temp\0a8eff6adb55385aca0514565ac83b24078e1e2979b6544d51a3c89d06abadb5.exe
PID 1580 wrote to memory of 2812 N/A C:\Users\Admin\AppData\Local\Temp\0a8eff6adb55385aca0514565ac83b24078e1e2979b6544d51a3c89d06abadb5.exe C:\Users\Admin\AppData\Local\Temp\0a8eff6adb55385aca0514565ac83b24078e1e2979b6544d51a3c89d06abadb5.exe

Processes

C:\Users\Admin\AppData\Local\Temp\0a8eff6adb55385aca0514565ac83b24078e1e2979b6544d51a3c89d06abadb5.exe

"C:\Users\Admin\AppData\Local\Temp\0a8eff6adb55385aca0514565ac83b24078e1e2979b6544d51a3c89d06abadb5.exe"

Network

Country Destination Domain Proto

Files

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\brasilian gang bang hardcore licking castration .mpg.exe

MD5 345f7f8813847ba17e5767396f86a1ed
SHA1 c694558fbf7dadbf62c4e2eea9462f2c0627c51d
SHA256 f7e2f5be9d76ac8ba7034023df8d5ef82e61c011316551ff09f5545792e69c4d
SHA512 7d7483d6fe005987c99eebcae232fc41dde7bb25300d0edc2b1f8ae93fc12b6a060a31f177794ac1781a82e8221a336a28a15b20fae227bb45080520355977b0