Malware Analysis Report

2024-11-13 14:01

Sample ID 240407-268w9she75
Target 8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3
SHA256 8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3
Tags persistence spyware stealer upx
Score 10/10

Analysis Overview

score
10/10

SHA256

8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3

Threat Level: Known bad

The file 8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3 was found to be: Known bad.

Malicious Activity Summary

persistence spyware stealer upx

UPX dump on OEP (original entry point)

Detects executables containing possible sandbox analysis VM usernames

Checks computer location settings

Reads user/profile data of web browsers

UPX packed file

Enumerates connected drives

Adds Run key to start application

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

Enumerates physical storage devices

Unsigned PE

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-04-07 23:12

Signatures

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-07 23:12

Reported

2024-04-07 23:15

Platform

win7-20240221-en

Max time kernel

150s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

Description Indicator Process Target
N/A N/A N/A N/A

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe N/A

Enumerates connected drives

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2168 wrote to memory of 2468 N/A C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe
PID 2168 wrote to memory of 2532 N/A C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe
PID 2468 wrote to memory of 2476 N/A C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe

Processes

C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe

"C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe"

C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe

"C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe"

C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe

"C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe"

C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe

"C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe"

Network

Country Destination Domain Proto

Files

memory/2168-0-0x0000000000400000-0x000000000041C000-memory.dmp

C:\Program Files\Windows Sidebar\Shared Gadgets\swedish horse gay [bangbus] .mpg.exe

MD5 5239bc665b0756b1e1df036a5f0a09ad
SHA1 b5818c76aade9049f5ecaf05384c0da3da38f3a6
SHA256 e4885ad52f528300050ba05d477d6b372b4d31cd74d6b12bc6bff1890b9cc697
SHA512 994d4f757c153188529d290cdfd57bd2978a96bac81eeda60ac361f83e0bef622650f7e194ef0c980002583186edcf947d64a4d69d8fc407711bb24ac9d5223b

C:\debug.txt

MD5 5d6a053bcdc33ef081114dafc762fad3
SHA1 9ec2f8be583530c60d23788a11944946ab359abc
SHA256 723126ce575da53cf521716d5c5d01b45598d356889d18979d6d981078751d39
SHA512 8a298fd7c553eb4f28d2b63cf2a6b61fbeb76d5cb37cafdf521c12b89f77f01a86c1a6ae961df702be205d778ecca6300738df53a4dacd65209b0baab033fe2a

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-07 23:12

Reported

2024-04-07 23:15

Platform

win10v2004-20240226-en

Max time kernel

150s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

Description Indicator Process Target
N/A N/A N/A N/A

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe N/A

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe N/A

Drops file in System32 directory

Description Indicator Process Target

Drops file in Program Files directory

Description Indicator Process Target

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\beast uncut .mpeg.exe C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_10.0.19041.1_none_4c786ae2f508e6d5\black animal horse voyeur young (Kathrin,Samantha).rar.exe C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-u..ell-sharedutilities_31bf3856ad364e35_10.0.19041.546_none_a93e4a2569276206\american beastiality sperm uncut titts swallow .zip.exe C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..templates.resources_31bf3856ad364e35_10.0.19041.1_de-de_e4e52f411b7b0526\cumshot sperm catfight young .zip.exe C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_10.0.19041.1_none_551afa5edf8be30e\american fetish lingerie hidden feet .mpeg.exe C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1_none_3cfd44d351b1a8ab\spanish gay hidden glans .mpeg.exe C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.1_none_f3b35d713ce0fc7f\handjob blowjob catfight beautyfull .mpeg.exe C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe N/A
File created C:\Windows\WinSxS\amd64_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_10.0.19041.1_none_03040a328f65b761\asian beast hot (!) titts .rar.exe C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe N/A
File created C:\Windows\WinSxS\x86_netfx-shared_netfx_20_mscorlib_b03f5f7f11d50a3a_10.0.19041.1_none_15ba23b7f1e2b81b\swedish animal lesbian hot (!) (Liz).mpeg.exe C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe N/A
File created C:\Windows\ServiceProfiles\LocalService\Downloads\danish beastiality horse [free] penetration .avi.exe C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.844_none_57eddd48e7a74274\cum bukkake voyeur granny .zip.exe C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..templates.resources_31bf3856ad364e35_10.0.19041.1_es-es_8da1621e0a800290\asian beast [free] hairy (Kathrin,Curtney).mpg.exe C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\italian gang bang trambling sleeping titts (Christine,Karin).mpeg.exe C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.1_none_abfc9db6c377b91f\black handjob lesbian masturbation (Samantha).mpg.exe C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe N/A
File created C:\Windows\WinSxS\amd64_netfx4-_dataperfcou.._shared12_neutral_h_b03f5f7f11d50a3a_4.0.15805.0_none_24ed4511dcc3019e\russian animal blowjob licking fishy (Gina,Liz).rar.exe C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-security-ntlmshared_31bf3856ad364e35_10.0.19041.1_none_7d9dab4e456449b1\gang bang gay [bangbus] hole balls .zip.exe C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe N/A
File created C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\american horse fucking [milf] feet (Sonja,Karin).rar.exe C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-composable-sharepicker_31bf3856ad364e35_10.0.19041.1_none_c87e96327faffd0e\beast catfight (Tatjana).rar.exe C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_es-es_e5c3ad79c4e34ebb\cum lesbian masturbation .mpeg.exe C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_ee7ea14f7d8a3ee3\german xxx big girly .mpg.exe C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_14c898cc82025c76\norwegian bukkake [free] wifey (Sandy,Jade).mpg.exe C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.84_none_81616275259e37fe\gang bang lesbian [free] glans .rar.exe C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.746_none_2212358fc33cc10f\asian trambling [free] .rar.exe C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe N/A
File created C:\Windows\WinSxS\amd64_netfx4-uninstallsqlstatetemplate_sql_b03f5f7f11d50a3a_4.0.15805.0_none_db70a8ec1b999dd5\blowjob licking .mpeg.exe C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe N/A
File created C:\Windows\WinSxS\x86_microsoft-windows-m..-temptable-provider_31bf3856ad364e35_10.0.19041.1_none_77cfea69a421a4a1\canadian bukkake several models (Janette).mpeg.exe C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.928_none_33e0d5558cdd7c61\cum sperm uncut hotel .mpeg.exe C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.746_none_ab42fb092bda9182\canadian trambling masturbation titts .rar.exe C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm_31bf3856ad364e35_10.0.19041.1_none_ae957c4c35a7bf73\spanish fucking [milf] glans stockings (Tatjana).avi.exe C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.844_none_6242879b1c08046f\chinese blowjob uncut stockings (Sonja,Curtney).zip.exe C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 628 wrote to memory of 4996 N/A C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe
PID 628 wrote to memory of 4524 N/A C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe
PID 4996 wrote to memory of 3336 N/A C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe

Processes

C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe

"C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe"

C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe

"C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe"

C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe

"C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe"

C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe

"C:\Users\Admin\AppData\Local\Temp\8c9d7122b4a02d73da61b988a8030cb48549fb7fffc7c2ca17e999c3227ae5b3.exe"

Network


Files

memory/628-0-0x0000000000400000-0x000000000041C000-memory.dmp

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\swedish horse gay [bangbus] .mpg.exe

MD5 5239bc665b0756b1e1df036a5f0a09ad
SHA1 b5818c76aade9049f5ecaf05384c0da3da38f3a6
SHA256 e4885ad52f528300050ba05d477d6b372b4d31cd74d6b12bc6bff1890b9cc697
SHA512 994d4f757c153188529d290cdfd57bd2978a96bac81eeda60ac361f83e0bef622650f7e194ef0c980002583186edcf947d64a4d69d8fc407711bb24ac9d5223b
