Malware Analysis Report

2024-11-13 14:01

Sample ID 240407-2376kahc5t
Target 8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a
SHA256 8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a
Tags
persistence spyware stealer upx
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a

Threat Level: Known bad

The file 8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a was found to be: Known bad.

Malicious Activity Summary

persistence spyware stealer upx

UPX dump on OEP (original entry point)

UPX dump on OEP (original entry point)

Detects executables containing possible sandbox analysis VM usernames

UPX packed file

Reads user/profile data of web browsers

Checks computer location settings

Enumerates connected drives

Adds Run key to start application

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Unsigned PE

Enumerates physical storage devices

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-04-07 23:07

Signatures

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-07 23:07

Reported

2024-04-07 23:10

Platform

win10v2004-20231215-en

Max time kernel

150s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\IME\SHARED\beast public ejaculation (Christine,Janette).mpeg.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\brasilian action trambling public cock 50+ .mpg.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\swedish cumshot horse lesbian .zip.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\russian beastiality xxx [free] (Tatjana).avi.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\canadian beast several models mistress .avi.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\SysWOW64\IME\SHARED\blowjob hot (!) latex .zip.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\lingerie hidden titts ejaculation .zip.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\xxx [milf] (Janette).zip.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\System32\DriverStore\Temp\lingerie lesbian upskirt (Sonja,Curtney).mpg.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\System32\LogFiles\Fax\Incoming\indian nude horse uncut hole .mpg.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\black nude sperm masturbation .rar.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\italian cumshot sperm hidden bedroom .rar.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\black horse beast masturbation feet blondie (Curtney).rar.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\fucking hidden (Tatjana).avi.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\lingerie hot (!) .avi.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Program Files\Microsoft Office\Updates\Download\indian gang bang hardcore masturbation shower .mpg.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\lingerie [free] girly .rar.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Program Files (x86)\Google\Temp\indian kicking sperm public sm .zip.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Program Files\Microsoft Office\root\Templates\tyrkish fetish lesbian hot (!) hotel .rar.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\italian action sperm licking feet pregnant .zip.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\porn trambling public titts .mpeg.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Program Files\Common Files\microsoft shared\swedish nude hardcore sleeping .zip.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Program Files\Windows Sidebar\Shared Gadgets\beast [bangbus] balls .zip.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Program Files (x86)\Google\Update\Download\russian beastiality horse [free] .zip.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\japanese handjob beast hot (!) balls .mpg.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Program Files\dotnet\shared\american nude bukkake hot (!) .mpg.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\brasilian fetish beast sleeping cock stockings .mpg.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\beast sleeping hairy .rar.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\american gang bang beast full movie hole .mpeg.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\russian handjob hardcore several models bondage .rar.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\WinSxS\amd64_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_10.0.19041.1_none_91025638be651781\cumshot lingerie voyeur .zip.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_es-es_e5c3ad79c4e34ebb\norwegian hardcore big (Liz).rar.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedfolders-adm_31bf3856ad364e35_10.0.19041.1_none_096bb4dc0d5d63a0\swedish animal blowjob catfight titts mistress .zip.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.1266_none_7916f7558927ae23\norwegian sperm several models feet redhair (Sarah).mpeg.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-update-upshared_31bf3856ad364e35_10.0.19041.1151_none_025296d718a7b3a8\german beast licking (Tatjana).rar.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..templates.resources_31bf3856ad364e35_10.0.19041.1_de-de_e4e52f411b7b0526\cum horse voyeur mature .mpg.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.1_none_fe0807c37141be7a\canadian sperm full movie .mpg.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\WinSxS\x86_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_10.0.19041.1_none_4ab14109a3e1e067\asian fucking voyeur .rar.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\fucking voyeur penetration .rar.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_adfc5e0bfca53431\german horse [free] girly .rar.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.1_none_f3b35d713ce0fc7f\fetish bukkake voyeur glans .mpeg.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_10.0.19041.1_none_7862ecae0548fb54\swedish handjob hardcore full movie hole (Sandy,Sylvia).avi.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.906_none_f962ab5f47e1e896\kicking fucking masturbation fishy .zip.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\ServiceProfiles\NetworkService\Downloads\brasilian fetish lingerie big lady .zip.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_10.0.19041.746_none_e2c6a972a81b8d2c\swedish animal sperm [milf] mistress .mpeg.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedpc-sharedpccsp_31bf3856ad364e35_10.0.19041.746_none_4cfe603abbcbfd86\italian kicking lingerie [bangbus] (Janette).mpg.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..templates.resources_31bf3856ad364e35_10.0.19041.1_en-us_8dd6053a0a5910eb\brasilian gang bang xxx lesbian (Sarah).avi.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\gay masturbation cock .mpg.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.264_none_cb389cf57d74d691\italian nude hardcore voyeur .zip.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..ty-kerbclientshared_31bf3856ad364e35_10.0.19041.1_none_97e9c0335b4cd39a\cumshot bukkake voyeur .mpeg.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.844_none_6242879b1c08046f\norwegian horse full movie cock .mpeg.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.1_none_a4f93129c473df49\hardcore full movie .avi.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_10.0.19041.1_none_4c786ae2f508e6d5\brasilian kicking bukkake hot (!) cock pregnant .rar.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-m..ineshared.resources_31bf3856ad364e35_10.0.19041.1_en-us_99ddc8ce8d3d6dac\russian beastiality fucking [milf] Ôï (Anniston,Samantha).avi.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.867_en-us_49453482f1fb5356\german horse licking cock fishy .rar.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1202_none_e2f5ebbcec2d8fca\lingerie big feet .mpg.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.1_none_8d8f6812a0c99533\gay masturbation (Sarah).avi.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-u..tyvm-sysprep-shared_31bf3856ad364e35_10.0.19041.1_none_3ba048793ab5eb3f\japanese gang bang gay uncut cock circumcision (Tatjana).avi.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..acejoin-gptemplates_31bf3856ad364e35_10.0.19041.1_none_609f27436445f4da\black nude bukkake hot (!) (Karin).avi.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_10.0.19041.1_en-us_64f5aaf4bb13ecef\xxx uncut 50+ .avi.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-u..ell-sharedutilities_31bf3856ad364e35_10.0.19041.546_none_a93e4a2569276206\porn hardcore uncut glans .rar.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.1_none_5d54c0aac5c3c12c\british sperm [free] hole latex .avi.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_es-es_bf79b5fcc06b3128\nude horse [free] titts penetration .mpeg.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedrealitysvc_31bf3856ad364e35_10.0.19041.746_none_822bf1ada1526fa8\animal fucking uncut granny .rar.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\assembly\temp\italian animal bukkake masturbation .rar.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_887b2378b7b5651d\animal blowjob [bangbus] titts (Christine,Janette).avi.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\WinSxS\x86_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_10.0.19041.1_none_34e3bab50607a64b\american animal beast girls wifey (Anniston,Sylvia).zip.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1_none_2426cc56d654beaa\horse [milf] glans .avi.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\WinSxS\x86_netfx-shared_netfx_20_mscorlib_b03f5f7f11d50a3a_10.0.19041.1_none_15ba23b7f1e2b81b\horse hardcore hidden .rar.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.844_none_855aff45853749ef\beastiality horse licking black hairunshaved .mpeg.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.867_none_c29826784f9429f8\black porn lesbian big glans high heels (Sylvia).mpeg.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-t..ervices-tsfairshare_31bf3856ad364e35_10.0.19041.746_none_0b33a1c93a22de1c\beastiality sperm lesbian castration .zip.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_de-de_881b257d159a5de8\german beast sleeping (Tatjana).avi.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-a..gement-uevtemplates_31bf3856ad364e35_10.0.19041.1_none_0d66b54875835a49\african sperm [bangbus] YEâPSè& .zip.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_10.0.19041.1_none_6e0e425bd0e83959\chinese blowjob big girly .mpeg.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\WinSxS\amd64_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_10.0.19041.1_none_359f84f8e5af60e2\canadian horse catfight .mpeg.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_en-us_ca03036af4a5017e\nude bukkake voyeur feet .mpeg.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_7860bee9439c3ae7\beast several models titts ash .mpeg.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.572_none_cf90e12518baac85\french trambling public pregnant .mpeg.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.746_none_de598551b74a3964\french beast voyeur glans .mpg.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\WinSxS\x86_netfx4-installsqlstatetemplate_sql_b03f5f7f11d50a3a_4.0.15805.0_none_bde408a455fc3ece\malaysia sperm full movie cock gorgeoushorny .mpg.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_6c85d64de79e0985\porn lingerie public beautyfull .zip.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-sx-shared_31bf3856ad364e35_10.0.19041.1_none_f8e978b0ed48a6bb\tyrkish gang bang lingerie lesbian upskirt (Ashley,Liz).avi.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-t..boration-sharer-api_31bf3856ad364e35_10.0.19041.746_none_b53f8b98f2b3a373\gang bang beast hidden balls .rar.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_215194e2327a46ac\gang bang fucking hidden .mpeg.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.746_none_d01527cffa9c25bc\asian gay [milf] .zip.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\WinSxS\amd64_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_10.0.19041.1_none_03040a328f65b761\italian action bukkake big young (Anniston,Jade).avi.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_89c0bf1761110f07\british hardcore public (Tatjana).avi.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.789_en-us_58ebf9ecc407e3c0\tyrkish action fucking public feet .rar.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.746_none_ab42fb092bda9182\french fucking catfight cock balls (Tatjana).zip.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_211cf1c632a13851\chinese fucking catfight YEâPSè& .mpeg.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..ty-kerbclientshared_31bf3856ad364e35_10.0.19041.1288_none_56c05939711f0938\nude xxx sleeping (Tatjana).mpg.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_10.0.19041.1_none_de1581e9a275faf8\italian kicking beast several models (Liz).rar.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.264_none_d58d4747b1d5988c\french gay [bangbus] titts blondie .mpeg.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1580 wrote to memory of 3216 N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe
PID 1580 wrote to memory of 3216 N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe
PID 1580 wrote to memory of 3216 N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe
PID 1580 wrote to memory of 220 N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe
PID 1580 wrote to memory of 220 N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe
PID 1580 wrote to memory of 220 N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe
PID 3216 wrote to memory of 4776 N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe
PID 3216 wrote to memory of 4776 N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe
PID 3216 wrote to memory of 4776 N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe

Processes

C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe

"C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe"

C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe

"C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe"

C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe

"C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe"

C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe

"C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe"

Network

Country Destination Domain Proto
GB 23.44.234.16:80 tcp
US 8.8.8.8:53 178.223.142.52.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 159.113.53.23.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 130.118.77.104.in-addr.arpa udp
US 8.8.8.8:53 62.198.62.187.in-addr.arpa udp
US 8.8.8.8:53 198.2.196.157.in-addr.arpa udp
US 8.8.8.8:53 24.48.174.113.in-addr.arpa udp
US 8.8.8.8:53 108.164.54.253.in-addr.arpa udp
US 8.8.8.8:53 48.147.85.140.in-addr.arpa udp
US 8.8.8.8:53 35.63.166.108.in-addr.arpa udp
US 8.8.8.8:53 213.175.151.23.in-addr.arpa udp
US 8.8.8.8:53 96.193.144.184.in-addr.arpa udp
US 8.8.8.8:53 191.68.44.54.in-addr.arpa udp
US 8.8.8.8:53 197.128.254.241.in-addr.arpa udp
US 8.8.8.8:53 197.180.77.76.in-addr.arpa udp
US 8.8.8.8:53 218.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 6.180.238.223.in-addr.arpa udp
US 8.8.8.8:53 156.44.52.251.in-addr.arpa udp
US 8.8.8.8:53 139.207.41.5.in-addr.arpa udp
US 8.8.8.8:53 16.32.50.214.in-addr.arpa udp
US 8.8.8.8:53 113.233.137.91.in-addr.arpa udp
US 8.8.8.8:53 198.75.253.88.in-addr.arpa udp
US 8.8.8.8:53 53.102.181.48.in-addr.arpa udp
US 8.8.8.8:53 72.202.79.170.in-addr.arpa udp
US 8.8.8.8:53 64.161.107.127.in-addr.arpa udp
US 8.8.8.8:53 85.84.104.161.in-addr.arpa udp
US 8.8.8.8:53 247.119.38.32.in-addr.arpa udp
US 8.8.8.8:53 245.88.31.241.in-addr.arpa udp
US 8.8.8.8:53 106.104.187.134.in-addr.arpa udp
US 8.8.8.8:53 166.31.8.5.in-addr.arpa udp
US 8.8.8.8:53 181.222.106.76.in-addr.arpa udp
US 8.8.8.8:53 7.166.102.171.in-addr.arpa udp
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 236.144.152.242.in-addr.arpa udp
US 8.8.8.8:53 84.101.251.232.in-addr.arpa udp
US 8.8.8.8:53 66.158.37.102.in-addr.arpa udp
US 8.8.8.8:53 185.61.237.123.in-addr.arpa udp
US 8.8.8.8:53 162.61.190.125.in-addr.arpa udp
US 8.8.8.8:53 73.234.79.136.in-addr.arpa udp
US 8.8.8.8:53 219.131.95.188.in-addr.arpa udp
US 8.8.8.8:53 180.240.99.134.in-addr.arpa udp
US 8.8.8.8:53 69.72.84.129.in-addr.arpa udp
US 8.8.8.8:53 216.191.112.124.in-addr.arpa udp
US 8.8.8.8:53 70.170.42.176.in-addr.arpa udp
US 8.8.8.8:53 73.21.6.75.in-addr.arpa udp
US 8.8.8.8:53 167.30.239.185.in-addr.arpa udp
US 8.8.8.8:53 226.120.25.59.in-addr.arpa udp
US 8.8.8.8:53 241.198.79.188.in-addr.arpa udp
US 8.8.8.8:53 51.98.146.5.in-addr.arpa udp
US 8.8.8.8:53 113.178.235.16.in-addr.arpa udp
US 8.8.8.8:53 92.114.164.168.in-addr.arpa udp
US 8.8.8.8:53 89.222.95.39.in-addr.arpa udp
US 8.8.8.8:53 171.169.102.86.in-addr.arpa udp
US 8.8.8.8:53 51.72.223.198.in-addr.arpa udp
US 8.8.8.8:53 112.39.137.165.in-addr.arpa udp
US 8.8.8.8:53 245.223.31.123.in-addr.arpa udp
US 8.8.8.8:53 160.5.121.111.in-addr.arpa udp
US 8.8.8.8:53 98.194.213.202.in-addr.arpa udp
US 8.8.8.8:53 62.73.162.37.in-addr.arpa udp
US 8.8.8.8:53 215.22.140.131.in-addr.arpa udp
US 8.8.8.8:53 194.198.210.148.in-addr.arpa udp
US 8.8.8.8:53 42.149.213.215.in-addr.arpa udp
US 8.8.8.8:53 6.173.109.30.in-addr.arpa udp
US 8.8.8.8:53 198.89.129.209.in-addr.arpa udp
US 8.8.8.8:53 221.212.96.154.in-addr.arpa udp
US 8.8.8.8:53 216.84.249.194.in-addr.arpa udp
US 8.8.8.8:53 125.199.185.134.in-addr.arpa udp
US 8.8.8.8:53 139.156.162.212.in-addr.arpa udp
US 8.8.8.8:53 214.102.192.4.in-addr.arpa udp
US 8.8.8.8:53 138.214.234.93.in-addr.arpa udp
US 8.8.8.8:53 208.84.93.205.in-addr.arpa udp
US 8.8.8.8:53 80.24.96.162.in-addr.arpa udp
US 8.8.8.8:53 173.226.241.118.in-addr.arpa udp
US 8.8.8.8:53 13.73.50.20.in-addr.arpa udp
US 8.8.8.8:53 208.165.235.139.in-addr.arpa udp
US 8.8.8.8:53 45.1.255.222.in-addr.arpa udp

Files

memory/1580-0-0x0000000000400000-0x0000000000420000-memory.dmp

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\black horse beast masturbation feet blondie (Curtney).rar.exe

MD5 4fec2951f26b1dbeffce54e3f03c113a
SHA1 27a682b1576c266f2741bb53574591e3184a4997
SHA256 5a39513ec1bc1a6a123b55639f647e6161141be0eaa4fcb02590d0b83ba8414e
SHA512 81c4ae58fc13417960b179f432388f7fb04a3d8663552c4ff2498cc81b23805a772311fd0dbb829156452102f87c2d8fe2323e3c95eba8510775d7d81649f612

memory/3216-35-0x0000000000400000-0x0000000000420000-memory.dmp

memory/220-153-0x0000000000400000-0x0000000000420000-memory.dmp

memory/4776-156-0x0000000000400000-0x0000000000420000-memory.dmp

memory/1580-187-0x0000000000400000-0x0000000000420000-memory.dmp

memory/3216-191-0x0000000000400000-0x0000000000420000-memory.dmp

memory/220-194-0x0000000000400000-0x0000000000420000-memory.dmp

memory/4776-197-0x0000000000400000-0x0000000000420000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-07 23:07

Reported

2024-04-07 23:10

Platform

win7-20240221-en

Max time kernel

150s

Max time network

154s

Command Line

"C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\config\systemprofile\gay handjob [free] boobs leather .rar.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\american action lesbian hot (!) 50+ .mpg.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\System32\DriverStore\Temp\french handjob fucking voyeur .mpeg.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\SysWOW64\IME\shared\gang bang trambling hidden sm .zip.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\danish xxx beast full movie .mpeg.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\nude [bangbus] castration .zip.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\System32\LogFiles\Fax\Incoming\xxx catfight .rar.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\indian horse full movie young .mpeg.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\brasilian xxx animal voyeur cock femdom .avi.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\SysWOW64\IME\shared\cumshot uncut sm .avi.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\beast several models titts bondage .mpeg.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Templates\brasilian fucking [free] feet femdom .mpeg.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\japanese nude xxx masturbation cock .zip.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Program Files\DVD Maker\Shared\swedish fucking sleeping (Britney).rar.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Program Files (x86)\Google\Temp\danish cum [milf] feet .avi.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\german horse horse hidden bedroom (Samantha,Jenna).mpg.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\african lesbian several models hole sweet .mpeg.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Program Files\Windows Journal\Templates\british sperm [bangbus] femdom .avi.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\japanese blowjob hot (!) vagina (Gina).rar.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\british cumshot [bangbus] cock YEâPSè& (Sarah,Janette).avi.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\cum voyeur .zip.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Program Files (x86)\Google\Update\Download\brasilian beast big (Jade).zip.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\african blowjob [milf] cock swallow .avi.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Program Files\Windows Sidebar\Shared Gadgets\canadian cum cumshot big bondage .rar.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\swedish fetish nude masturbation sm .zip.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\tyrkish lingerie bukkake licking redhair .zip.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_f25d066604c2ad34\kicking big black hairunshaved .avi.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\chinese animal licking vagina .rar.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_de-de_b4aea777fe683838\action action big .mpg.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_6.1.7600.16385_none_6377027f0030a06a\bukkake catfight .mpg.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_aea650787d30ed8a\canadian fucking animal masturbation legs boots .avi.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\african porn animal hot (!) .mpeg.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\norwegian gay several models nipples lady .mpg.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_es-es_5d6ada54ed6d35a2\indian horse several models blondie (Britney,Samantha).rar.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_a3772de7111797da\kicking full movie shower .avi.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_7bfdfb15e7184c41\american beastiality voyeur upskirt .avi.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\Downloaded Program Files\lingerie beastiality hidden fishy .avi.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\italian fetish voyeur lady (Tatjana,Karin).zip.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\ServiceProfiles\NetworkService\Downloads\american bukkake sperm sleeping vagina (Jade).mpg.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_es-es_00bfb7e81e458178\norwegian animal sleeping ash castration .mpg.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\hardcore xxx several models .avi.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_6f0f7833cb71e18d\italian porn porn voyeur ash .zip.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_3d98a610fed70b75\fetish xxx licking vagina .zip.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\mssrv.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\PLA\Templates\chinese cum masturbation shower .mpg.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\black bukkake kicking girls vagina bedroom .mpeg.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_8c6fc5a7aa8c435d\tyrkish cumshot big .mpg.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_it-it_8d9f242de8497d58\malaysia xxx hot (!) .rar.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\winsxs\amd64_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_39374e2435a71b47\french gang bang action masturbation bedroom .mpg.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\black beast public (Christine,Samantha).avi.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_94828572f7ddbf0f\porn xxx [milf] blondie .rar.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_6b16fa9f975e1109\french nude handjob public circumcision .rar.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\winsxs\x86_netfx-shared_netfx_20_mscorlib_b03f5f7f11d50a3a_6.1.7600.16385_none_2958d4a31d2ec64f\japanese lesbian cum masturbation (Melissa).rar.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\swedish lingerie voyeur .zip.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_05ea1d9b8e2bf020\action hot (!) legs redhair .mpg.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\canadian gay [bangbus] boobs .mpg.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\winsxs\amd64_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_c26c5b8280c6af34\blowjob fetish [bangbus] castration .avi.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\assembly\temp\black animal animal [bangbus] YEâPSè& .rar.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_2e7f079c3208e549\german kicking full movie upskirt (Karin).rar.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0993a1b8823a4e79\xxx beastiality sleeping gorgeoushorny (Ashley,Britney).avi.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\winsxs\Temp\japanese cumshot nude big .rar.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_657d9a203abeb154\swedish trambling [free] sm .avi.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_6208b91f46896156\danish fucking lesbian girls bondage (Melissa).rar.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_cd2006602e5ee22e\horse horse girls (Sandy,Tatjana).rar.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_515dc677700303ec\german cum lingerie full movie (Sonja).rar.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\winsxs\x86_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_4d274741486b900c\american hardcore big 50+ (Jade).zip.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_f27c4f066f5c6701\brasilian horse horse full movie .rar.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\winsxs\amd64_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_a945e2c500c90142\russian hardcore masturbation legs (Samantha,Anniston).avi.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_963e6ae24c653bfe\british cum hidden .mpg.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\danish horse lesbian masturbation .rar.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_de-de_5803850b2f40840e\animal action catfight hole .zip.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_39c9d74ef2ad6c7b\gay hardcore big femdom .mpeg.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_f0ca3430257ea13f\swedish beast several models boots .rar.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\winsxs\x86_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_5e4ff1f4cf2dee9b\indian cum [bangbus] .mpg.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\winsxs\x86_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_664dbffec8693dfe\kicking action several models femdom .rar.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\SoftwareDistribution\Download\lesbian trambling lesbian ìï .zip.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_en-us_00f45b041e1e8fd3\hardcore gay lesbian .mpeg.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_it-it_18a6fde3093acac7\african porn masturbation femdom (Ashley).mpeg.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_1412267f4b3bb985\african beast kicking girls bondage .mpeg.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\winsxs\amd64_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_dba3691c6002e10e\gay lesbian [bangbus] girly (Sonja,Samantha).rar.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_095efe9c8261401e\italian gay [bangbus] (Sarah,Janette).mpeg.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_d8216ed3d8746200\blowjob licking vagina (Britney,Anniston).mpeg.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\security\templates\norwegian trambling gang bang big (Sandy,Sonja).rar.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_d81c96999f75bd77\cumshot big leather .mpg.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0af98f1835676d1b\british blowjob licking bedroom (Sonja).mpg.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-vsssystemprovider_31bf3856ad364e35_6.1.7600.16385_none_a727eb798dcfb185\horse sperm several models 40+ .zip.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\black beast full movie .avi.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_6.1.7600.16385_none_8419660d1cc97b24\tyrkish beastiality several models girly .zip.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
File created C:\Windows\winsxs\amd64_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_16a2bb1dbab1c595\tyrkish lesbian catfight (Sandy,Sylvia).mpg.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2456 wrote to memory of 2576 N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe
PID 2456 wrote to memory of 2576 N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe
PID 2456 wrote to memory of 2576 N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe
PID 2456 wrote to memory of 2576 N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe
PID 2576 wrote to memory of 2388 N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe
PID 2576 wrote to memory of 2388 N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe
PID 2576 wrote to memory of 2388 N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe
PID 2576 wrote to memory of 2388 N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe
PID 2456 wrote to memory of 2496 N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe
PID 2456 wrote to memory of 2496 N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe
PID 2456 wrote to memory of 2496 N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe
PID 2456 wrote to memory of 2496 N/A C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe

Processes

C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe

"C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe"

C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe

"C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe"

C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe

"C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe"

C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe

"C:\Users\Admin\AppData\Local\Temp\8a1edd7a6dec7c28aec32e5de4e755c5d804ece35ceae18be40378fa01fdc34a.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 44.31.194.197.in-addr.arpa udp
US 8.8.8.8:53 189.55.18.27.in-addr.arpa udp
US 8.8.8.8:53 122.149.123.239.in-addr.arpa udp
US 8.8.8.8:53 34.245.9.11.in-addr.arpa udp
US 8.8.8.8:53 230.190.48.221.in-addr.arpa udp
US 8.8.8.8:53 35.168.238.136.in-addr.arpa udp
US 8.8.8.8:53 43.179.6.243.in-addr.arpa udp
US 8.8.8.8:53 74.229.55.97.in-addr.arpa udp
US 8.8.8.8:53 232.223.149.249.in-addr.arpa udp
US 8.8.8.8:53 176.52.52.148.in-addr.arpa udp
US 8.8.8.8:53 65.75.235.100.in-addr.arpa udp
US 8.8.8.8:53 31.62.141.22.in-addr.arpa udp
US 8.8.8.8:53 91.21.194.3.in-addr.arpa udp
US 8.8.8.8:53 57.215.42.80.in-addr.arpa udp
US 8.8.8.8:53 185.131.131.27.in-addr.arpa udp
US 8.8.8.8:53 4.94.221.219.in-addr.arpa udp
US 8.8.8.8:53 90.90.214.42.in-addr.arpa udp
US 8.8.8.8:53 85.77.94.44.in-addr.arpa udp
US 8.8.8.8:53 243.177.236.156.in-addr.arpa udp
US 8.8.8.8:53 254.158.198.53.in-addr.arpa udp
US 8.8.8.8:53 198.134.109.147.in-addr.arpa udp
US 8.8.8.8:53 68.74.174.65.in-addr.arpa udp

Files

memory/2456-0-0x0000000000400000-0x0000000000420000-memory.dmp

C:\Program Files\Windows Sidebar\Shared Gadgets\canadian cum cumshot big bondage .rar.exe

MD5 4b89b6f640005d0edbbc1cb03d6cc0da
SHA1 1a7904b8e78a61d2e46a0931d58bcdf5196d48ca
SHA256 5562e3940d01f2151122054a9a44bfaeb3cf71cc616b73e209e45d34fe6732c9
SHA512 787ff9baa50df93ffcdd83fd937698d9c08ca2b80d844a71b30455d65fea204d20024c917f9d4ee3efc9cfc0110f9654f9f847141ab951f684b4f7cdba5c71f8

memory/2456-14-0x0000000004A60000-0x0000000004A80000-memory.dmp

memory/2576-15-0x0000000000400000-0x0000000000420000-memory.dmp

memory/2576-53-0x0000000004A40000-0x0000000004A60000-memory.dmp

memory/2388-54-0x0000000000400000-0x0000000000420000-memory.dmp

memory/2456-56-0x00000000050C0000-0x00000000050E0000-memory.dmp

memory/2456-92-0x0000000000400000-0x0000000000420000-memory.dmp

memory/2456-94-0x0000000004A60000-0x0000000004A80000-memory.dmp

memory/2576-95-0x0000000000400000-0x0000000000420000-memory.dmp

memory/2576-97-0x0000000004A40000-0x0000000004A60000-memory.dmp

memory/2388-98-0x0000000000400000-0x0000000000420000-memory.dmp

memory/2456-99-0x00000000050C0000-0x00000000050E0000-memory.dmp

memory/2496-103-0x0000000000400000-0x0000000000420000-memory.dmp

C:\debug.txt

MD5 2a6e668b6bd0d25c0a3b429ba53102e3
SHA1 2e4411006e20fad6ba897ec18732dc5345f419bf
SHA256 fb356dd27824b102c4dcaecc407a5b23764396b56b5e26ed25318654b67a6d24
SHA512 d4a500177fe3804482cca863cb43a5853773c974b73d4853ea51695b89b87ee19b29cc94df4893581e8fa942b77bc4aecc63d594dce621a720d276e93e4c643a