Malware Analysis Report

2024-11-13 14:01

Sample ID 240407-3aaj9she41
Target 8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62
SHA256 8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62
Tags
upx persistence spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62

Threat Level: Known bad

The file 8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62 was found to be: Known bad.

Malicious Activity Summary

upx persistence spyware stealer

UPX dump on OEP (original entry point)

Detects executables containing possible sandbox analysis VM usernames

UPX dump on OEP (original entry point)

Checks computer location settings

UPX packed file

Reads user/profile data of web browsers

Adds Run key to start application

Enumerates connected drives

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Unsigned PE

Enumerates physical storage devices

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-04-07 23:18

Signatures

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-07 23:18

Reported

2024-04-07 23:20

Platform

win7-20240221-en

Max time kernel

150s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\black kicking hardcore big boobs wifey (Samantha).mpg.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\System32\DriverStore\Temp\handjob girls (Jade).mpg.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\System32\LogFiles\Fax\Incoming\fetish gay [free] circumcision (Gina).rar.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\american gay [milf] nipples .mpeg.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\fetish horse big cock .mpg.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\SysWOW64\IME\shared\porn handjob catfight .mpeg.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\horse handjob several models feet mature .mpeg.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\trambling lesbian (Sylvia,Curtney).zip.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\SysWOW64\IME\shared\french gay licking .avi.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\indian handjob [milf] shower .rar.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Common Files\Microsoft Shared\kicking cum big glans traffic .zip.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Program Files\Windows Sidebar\Shared Gadgets\lesbian cumshot uncut ash sweet .rar.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\swedish fetish licking wifey .mpeg.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Program Files (x86)\Google\Temp\african hardcore public .mpg.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Program Files (x86)\Google\Update\Download\brasilian animal hardcore hot (!) (Kathrin).mpeg.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\fucking hot (!) lady .mpeg.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\swedish trambling full movie (Karin).mpg.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\japanese cumshot fetish masturbation nipples ¤ã (Samantha,Ashley).avi.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Program Files\DVD Maker\Shared\cum big upskirt .mpg.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\african action nude public (Liz,Christine).zip.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\horse [bangbus] vagina (Christine).avi.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Program Files\Windows Journal\Templates\lesbian several models .zip.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\norwegian sperm uncut granny (Jade).zip.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\xxx licking pregnant .mpeg.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Templates\fetish bukkake catfight .avi.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\cumshot blowjob hot (!) mistress (Jade,Sandy).zip.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\swedish action animal catfight mature .avi.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\ServiceProfiles\LocalService\Downloads\swedish xxx porn [milf] young .mpg.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_65b23d3c3a97bfaf\chinese xxx xxx [milf] beautyfull .avi.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_en-us_00f45b041e1e8fd3\black xxx trambling [bangbus] balls .avi.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-m..-temptable-provider_31bf3856ad364e35_6.1.7600.16385_none_1dd3ce8d1e7524cd\tyrkish animal [milf] .mpeg.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_d81c96999f75bd77\black hardcore animal full movie cock ejaculation .avi.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_8c6fc5a7aa8c435d\gay public shower (Sandy,Kathrin).mpg.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_2fc4a33adb648f33\chinese handjob several models high heels .mpeg.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ad7c61fb28607522\nude fetish voyeur glans .mpg.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_b7f38afb92de484f\tyrkish horse voyeur boobs .zip.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_6f0f7833cb71e18d\danish animal [free] (Samantha).rar.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_79642285ffd2a388\brasilian handjob girls boobs hairy .mpeg.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_515dc677700303ec\indian lingerie masturbation boobs girly (Karin,Samantha).rar.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\lingerie action uncut .avi.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\winsxs\Temp\horse public femdom .mpg.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_965db382b6fef5cb\blowjob licking .mpg.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0993a1b8823a4e79\japanese blowjob licking cock (Curtney).mpg.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_095efe9c8261401e\handjob [free] wifey .rar.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\malaysia xxx big hairy .mpeg.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\assembly\tmp\norwegian horse cum big hole young .avi.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_60a2cbbf935c42b4\cum public .mpeg.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_f3c374fc18118ca2\black hardcore masturbation cock 50+ .avi.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_6208b91f46896156\animal porn public (Melissa,Kathrin).avi.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_bacc7ceffc55dca2\horse masturbation latex .rar.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_9498b282333b64ec\chinese lingerie action hidden nipples leather .mpeg.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\winsxs\x86_netfx-shared_netfx_20_mscorlib_b03f5f7f11d50a3a_6.1.7600.16385_none_2958d4a31d2ec64f\japanese kicking [free] blondie (Sonja).avi.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\swedish cumshot sperm lesbian mature .mpeg.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_4fe2107fd06efdd8\indian kicking several models leather .mpeg.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_es-es_00bfb7e81e458178\horse beast voyeur ash .zip.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_97a45841ff925aa0\kicking hot (!) gorgeoushorny .mpeg.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_aedaf3947d09fbe5\bukkake horse public gorgeoushorny .rar.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_6.1.7600.16385_none_8419660d1cc97b24\cumshot lesbian nipples high heels .mpg.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm_31bf3856ad364e35_6.1.7600.16385_none_5499606faffb3f9f\british porn beastiality hidden .avi.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_6b16fa9f975e1109\italian cumshot xxx uncut (Curtney).avi.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\assembly\temp\russian nude hidden shower .rar.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5d9f7d70ed4643fd\asian animal [bangbus] ìï .rar.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_it-it_8d9f242de8497d58\nude licking lady (Gina,Sylvia).avi.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8bfc34b93f0fdd42\malaysia gang bang lingerie several models shower .rar.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\tyrkish fucking trambling public vagina .avi.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_es-es_5d6ada54ed6d35a2\horse beast [milf] upskirt (Anniston).zip.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_3c93ac15fd731acf\japanese beastiality masturbation .mpg.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_99b74194b7347cab\beastiality horse lesbian cock pregnant .rar.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_98b24799b5d08c05\tyrkish cum lesbian 40+ .avi.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_de-de_b4aea777fe683838\lesbian animal licking .mpeg.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\winsxs\amd64_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_39374e2435a71b47\nude licking YEâPSè& .avi.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\horse beastiality lesbian feet granny (Sonja,Karin).mpeg.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\tyrkish hardcore porn [bangbus] bedroom (Sylvia).mpg.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\ServiceProfiles\NetworkService\Downloads\nude catfight feet .zip.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_00225053e03f4c04\gang bang beastiality hot (!) .rar.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_a3772de7111797da\black cum sleeping boots .zip.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_f0ca3430257ea13f\hardcore horse girls (Sonja,Jade).rar.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\winsxs\amd64_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_16a2bb1dbab1c595\nude nude girls .mpeg.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\canadian action hardcore [bangbus] lady .zip.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\Downloaded Program Files\gang bang action big .mpg.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_94828572f7ddbf0f\japanese fetish lesbian hairy .avi.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_it-it_18a6fde3093acac7\indian cumshot voyeur .mpg.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\PLA\Templates\canadian bukkake sperm hot (!) hole boots .avi.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_34400a5790d1d336\norwegian horse public ìï (Samantha).rar.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_6.1.7600.16385_none_49dd84a06c7c8863\animal [bangbus] glans ash .zip.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_ddab3bcb3a4ffb45\malaysia handjob public cock (Janette,Christine).zip.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_60c2504d62fd4f0e\nude masturbation YEâPSè& .zip.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_aea650787d30ed8a\canadian porn horse [bangbus] 50+ .rar.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\russian animal several models (Curtney).avi.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2192 wrote to memory of 1364 N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe
PID 2192 wrote to memory of 1364 N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe
PID 2192 wrote to memory of 1364 N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe
PID 2192 wrote to memory of 1364 N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe
PID 2192 wrote to memory of 1372 N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe
PID 2192 wrote to memory of 1372 N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe
PID 2192 wrote to memory of 1372 N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe
PID 2192 wrote to memory of 1372 N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe
PID 1364 wrote to memory of 2580 N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe
PID 1364 wrote to memory of 2580 N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe
PID 1364 wrote to memory of 2580 N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe
PID 1364 wrote to memory of 2580 N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe

Processes

C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe

"C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe"

C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe

"C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe"

C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe

"C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe"

C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe

"C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 103.84.134.37.in-addr.arpa udp
US 8.8.8.8:53 13.95.203.4.in-addr.arpa udp
US 8.8.8.8:53 143.14.71.125.in-addr.arpa udp
US 8.8.8.8:53 64.41.149.144.in-addr.arpa udp
US 8.8.8.8:53 80.151.148.239.in-addr.arpa udp
US 8.8.8.8:53 72.65.21.113.in-addr.arpa udp
US 8.8.8.8:53 179.46.165.70.in-addr.arpa udp
US 8.8.8.8:53 183.52.67.138.in-addr.arpa udp
US 8.8.8.8:53 190.103.245.20.in-addr.arpa udp
US 8.8.8.8:53 248.40.2.68.in-addr.arpa udp
US 8.8.8.8:53 174.129.46.124.in-addr.arpa udp
US 8.8.8.8:53 206.21.216.121.in-addr.arpa udp
US 8.8.8.8:53 180.158.77.44.in-addr.arpa udp
US 8.8.8.8:53 238.153.159.173.in-addr.arpa udp
US 8.8.8.8:53 238.202.42.139.in-addr.arpa udp
US 8.8.8.8:53 3.46.138.135.in-addr.arpa udp
US 8.8.8.8:53 137.91.221.233.in-addr.arpa udp
US 8.8.8.8:53 224.111.224.171.in-addr.arpa udp
US 8.8.8.8:53 255.136.158.152.in-addr.arpa udp
US 8.8.8.8:53 120.190.66.51.in-addr.arpa udp
US 8.8.8.8:53 161.121.184.114.in-addr.arpa udp
US 8.8.8.8:53 193.161.238.33.in-addr.arpa udp
US 8.8.8.8:53 13.68.92.85.in-addr.arpa udp
US 8.8.8.8:53 170.119.195.237.in-addr.arpa udp
US 8.8.8.8:53 227.85.27.92.in-addr.arpa udp
US 8.8.8.8:53 73.236.97.118.in-addr.arpa udp
US 8.8.8.8:53 63.214.188.10.in-addr.arpa udp

Files

memory/2192-0-0x0000000000400000-0x000000000041E000-memory.dmp

C:\Program Files\Windows Sidebar\Shared Gadgets\lesbian cumshot uncut ash sweet .rar.exe

MD5 216f26dc8ce1f660053fb257d739c6cc
SHA1 6fa5cbe4f203d371a181dc67c208933524624b6c
SHA256 fa8d7f0aec3384285c82939d7bfa13e161cb4adf6a1a0a38cd35b208d5cac051
SHA512 ff7e8746cbcd1067440c4ac6d236fe5c862288539d7db9d5d7e18ee9b4dc8aedb8a00bdb0da3ece60c118b4caafebad2c7adf58c799fd13220bc3eef834ddd3f

memory/2192-59-0x0000000005290000-0x00000000052AE000-memory.dmp

memory/1364-60-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2192-89-0x0000000005290000-0x00000000052AE000-memory.dmp

memory/1364-90-0x00000000020C0000-0x00000000020DE000-memory.dmp

memory/2580-91-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2192-93-0x0000000000400000-0x000000000041E000-memory.dmp

memory/1372-95-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2580-96-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2192-99-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2192-108-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2192-109-0x0000000005290000-0x00000000052AE000-memory.dmp

memory/2192-110-0x0000000005290000-0x00000000052AE000-memory.dmp

memory/1364-112-0x00000000020C0000-0x00000000020DE000-memory.dmp

memory/2192-115-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2192-119-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2192-123-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2192-129-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2192-133-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2192-137-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2192-141-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2192-145-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2192-149-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2192-153-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2192-157-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2192-161-0x0000000000400000-0x000000000041E000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-07 23:18

Reported

2024-04-07 23:20

Platform

win10v2004-20240226-en

Max time kernel

150s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\IME\SHARED\danish gang bang hardcore uncut .zip.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\bukkake voyeur .avi.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\gay sleeping (Sarah).avi.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\SysWOW64\IME\SHARED\xxx full movie (Janette).avi.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\System32\LogFiles\Fax\Incoming\horse masturbation hole castration .mpeg.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\american kicking trambling hidden (Liz).avi.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\russian fetish trambling sleeping titts .rar.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\System32\DriverStore\Temp\trambling full movie feet balls (Samantha).avi.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\norwegian gay sleeping shower .zip.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\beast sleeping shoes .avi.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\hardcore masturbation hole castration .avi.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\trambling [bangbus] (Melissa).avi.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\black cum xxx [free] fishy .avi.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Program Files\Microsoft Office\root\Templates\sperm big feet granny (Jade).avi.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\lingerie catfight boots .mpeg.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Program Files\Microsoft Office\Updates\Download\russian fetish lingerie [bangbus] (Liz).rar.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Program Files\Windows Sidebar\Shared Gadgets\tyrkish fetish beast voyeur YEâPSè& (Sandy,Karin).mpg.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Program Files (x86)\Google\Update\Download\tyrkish fetish trambling big .zip.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\indian cumshot lesbian girls titts stockings .zip.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\gay masturbation feet hotel .rar.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\indian horse gay hot (!) glans stockings .zip.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\cum gay several models feet granny (Janette).mpg.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Program Files (x86)\Google\Temp\horse hot (!) hole pregnant .rar.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Program Files\Common Files\microsoft shared\xxx licking (Melissa).mpg.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\cumshot gay [free] (Sylvia).zip.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\malaysia bukkake lesbian feet YEâPSè& (Samantha).rar.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\brasilian beastiality lingerie several models feet leather (Janette).mpeg.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\tyrkish beastiality lingerie licking (Melissa).rar.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Program Files\dotnet\shared\american cum beast voyeur cock .mpg.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\american fetish beast big .avi.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\security\templates\tyrkish horse hardcore full movie titts .mpg.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_10.0.19041.1_en-us_64f5aaf4bb13ecef\russian cum bukkake full movie .zip.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..acejoin-gptemplates_31bf3856ad364e35_10.0.19041.1_none_609f27436445f4da\action trambling several models mistress .mpeg.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\assembly\temp\danish animal blowjob hot (!) shower .rar.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_it-it_4c5922428a6f2d08\asian fucking several models (Melissa).mpeg.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..templates.resources_31bf3856ad364e35_10.0.19041.1_es-es_8da1621e0a800290\sperm full movie glans .avi.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\WinSxS\amd64_netfx-aspnet-sharedcomponents_b03f5f7f11d50a3a_4.0.19041.1_none_47ca94859da20b28\sperm [free] upskirt .mpg.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\WinSxS\x86_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_10.0.19041.1_none_d980e9752d51efac\african hardcore licking ash (Sonja,Janette).mpeg.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\SystemResources\Windows.UI.ShellCommon\SharePickerUI\black kicking horse girls titts traffic (Liz).rar.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.1_none_3a3c49005c947bac\trambling uncut 50+ (Britney,Sylvia).mpg.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\mssrv.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1_none_3cfd44d351b1a8ab\norwegian fucking [free] hole lady (Sylvia).rar.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\WinSxS\amd64_netfx-aspnet-nonwow64-shared_b03f5f7f11d50a3a_4.0.19041.1_none_d66d07dacac85e2d\beastiality beast girls glans .zip.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_de-de_21122d7205c6f5b9\horse full movie black hairunshaved .zip.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_10.0.19041.207_none_e2f2dfeea7fa44fc\animal fucking full movie (Janette).mpg.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-t..ervices-tsfairshare_31bf3856ad364e35_10.0.19041.1_none_e32b64807ab11fd2\black kicking lesbian public hole girly (Karin).rar.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.789_en-us_58ebf9ecc407e3c0\african hardcore [free] .mpg.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.1202_none_621728fcd3c9d5f6\kicking xxx public lady .avi.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_en-us_bfae5918c0443f83\cum beast licking .rar.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..templates.resources_31bf3856ad364e35_10.0.19041.1_en-us_8dd6053a0a5910eb\porn trambling several models swallow .rar.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-security-ntlmshared_31bf3856ad364e35_10.0.19041.1_none_7d9dab4e456449b1\action gay hot (!) (Tatjana).zip.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.844_none_57eddd48e7a74274\russian cumshot hardcore [milf] feet .zip.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1_none_19d22204a1f3fcaf\canadian fucking licking titts .rar.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.746_none_d404daff82e97769\spanish xxx girls glans swallow (Jade).mpg.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_14c898cc82025c76\russian gang bang trambling catfight cock .rar.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedpc-sharedpccsp_31bf3856ad364e35_10.0.19041.746_none_4cfe603abbcbfd86\action horse [milf] titts castration .rar.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\hardcore [bangbus] feet .rar.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_adfc5e0bfca53431\spanish hardcore full movie glans traffic .mpeg.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_fd7349c396c417ae\lingerie masturbation cock .mpeg.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..-kf-commondownloads_31bf3856ad364e35_10.0.19041.1_none_a914e3e3f19ceda1\lesbian [milf] feet .avi.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-update-upshared_31bf3856ad364e35_10.0.19041.84_none_85259eff919b7c9e\brasilian kicking xxx [free] .rar.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_62312bfbb33d478a\chinese xxx voyeur hole blondie (Jade).mpeg.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.19041.1_none_fad1fa0072ef4a3a\gang bang xxx girls glans .mpeg.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\xxx [milf] mistress .avi.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.746_none_ab42fb092bda9182\italian action fucking hidden .mpg.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_887b2378b7b5651d\chinese beast masturbation (Liz).mpeg.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\assembly\tmp\american cumshot gay masturbation titts fishy (Curtney).mpg.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\indian kicking bukkake full movie .rar.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1202_none_d8a1416ab7cccdcf\german blowjob public cock upskirt .mpg.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_de-de_3d077a9cd5de5151\gang bang bukkake full movie hole sm (Curtney).mpeg.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-update-upshared_31bf3856ad364e35_10.0.19041.1151_none_025296d718a7b3a8\asian xxx hidden glans .rar.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-vsssystemprovider_31bf3856ad364e35_10.0.19041.1_none_01240756137c3159\german hardcore licking .avi.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\swedish nude lingerie [milf] feet hairy .zip.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.1_none_2fe79eae2833b9b1\french beast catfight black hairunshaved .zip.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-security-ntlmshared_31bf3856ad364e35_10.0.19041.1_none_734900fc110387b6\canadian fucking public cock .mpeg.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_10.0.19041.1_none_7862ecae0548fb54\french beast [bangbus] (Karin).mpeg.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\InputMethod\SHARED\danish gang bang lesbian masturbation ash .rar.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_10.0.19041.1_none_de1581e9a275faf8\animal blowjob [bangbus] traffic (Jenna,Sarah).rar.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\WinSxS\msil_microsoft.powershel..filedownloadmanager_31bf3856ad364e35_10.0.19041.1_none_cb69bad627df9263\tyrkish porn blowjob catfight cock lady (Karin).mpg.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..ces-ime-eashared-lm_31bf3856ad364e35_10.0.19041.1_none_4756d423b091d10b\chinese lesbian masturbation feet beautyfull (Janette).mpeg.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-m..ineshared.resources_31bf3856ad364e35_10.0.19041.1_en-us_a4327320c19e2fa7\handjob fucking sleeping (Samantha).avi.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_en-us_310bfb76047869ad\gang bang blowjob [free] titts ejaculation (Jade).rar.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_it-it_56adcc94becfef03\horse fucking [milf] glans .avi.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_10.0.19041.1_none_551afa5edf8be30e\sperm catfight glans circumcision .avi.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\templates\hardcore voyeur cock stockings .avi.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.1_none_c6da8048542fddc7\indian beastiality xxx [milf] .zip.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\horse hidden cock shoes (Janette).avi.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_10.0.19041.1_none_a3d9a07cf2290837\cumshot lesbian lesbian .rar.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_it-it_bdb6c49fcea35732\british fucking full movie glans balls .mpg.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.1202_none_6c6bd34f082a97f1\indian handjob xxx [milf] hole mistress .mpeg.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\lingerie sleeping .mpg.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5021dd18efc0460c\cumshot beast public cock boots .rar.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_e79b400a6df5fd2c\indian nude lingerie lesbian titts fishy (Tatjana).avi.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_07787dd7ae0cf4f6\norwegian lingerie big cock ash (Sylvia).avi.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1092 wrote to memory of 4600 N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe
PID 1092 wrote to memory of 4600 N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe
PID 1092 wrote to memory of 4600 N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe
PID 1092 wrote to memory of 3560 N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe
PID 1092 wrote to memory of 3560 N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe
PID 1092 wrote to memory of 3560 N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe
PID 4600 wrote to memory of 1952 N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe
PID 4600 wrote to memory of 1952 N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe
PID 4600 wrote to memory of 1952 N/A C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe

Processes

C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe

"C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe"

C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe

"C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe"

C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe

"C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe"

C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe

"C:\Users\Admin\AppData\Local\Temp\8e8bf7a5c1b9b9c9ea150a72574b9b6c8e52715c1d1af937ad3e443c45c22a62.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 249.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 121.118.77.104.in-addr.arpa udp
US 8.8.8.8:53 55.209.167.89.in-addr.arpa udp
US 8.8.8.8:53 132.164.15.226.in-addr.arpa udp
US 8.8.8.8:53 251.118.243.99.in-addr.arpa udp
US 8.8.8.8:53 219.80.99.252.in-addr.arpa udp
US 8.8.8.8:53 242.227.247.156.in-addr.arpa udp
US 8.8.8.8:53 228.154.237.151.in-addr.arpa udp
US 8.8.8.8:53 159.89.12.22.in-addr.arpa udp
US 8.8.8.8:53 249.67.185.227.in-addr.arpa udp
US 8.8.8.8:53 22.8.220.15.in-addr.arpa udp
US 8.8.8.8:53 217.34.187.209.in-addr.arpa udp
US 8.8.8.8:53 11.220.232.13.in-addr.arpa udp
US 8.8.8.8:53 192.234.114.163.in-addr.arpa udp
US 8.8.8.8:53 39.105.55.128.in-addr.arpa udp
US 8.8.8.8:53 61.250.38.97.in-addr.arpa udp
US 8.8.8.8:53 51.192.44.67.in-addr.arpa udp
US 8.8.8.8:53 68.99.144.57.in-addr.arpa udp
US 8.8.8.8:53 120.92.62.55.in-addr.arpa udp
US 8.8.8.8:53 248.222.50.204.in-addr.arpa udp
US 8.8.8.8:53 134.160.214.69.in-addr.arpa udp
US 8.8.8.8:53 214.230.77.167.in-addr.arpa udp
US 8.8.8.8:53 77.55.208.113.in-addr.arpa udp
US 8.8.8.8:53 138.210.138.56.in-addr.arpa udp
US 8.8.8.8:53 10.210.244.79.in-addr.arpa udp
US 8.8.8.8:53 250.64.224.247.in-addr.arpa udp
US 8.8.8.8:53 242.6.51.152.in-addr.arpa udp
US 8.8.8.8:53 131.112.130.70.in-addr.arpa udp
US 8.8.8.8:53 244.151.155.213.in-addr.arpa udp
US 8.8.8.8:53 100.124.54.219.in-addr.arpa udp
US 8.8.8.8:53 157.93.181.163.in-addr.arpa udp
US 8.8.8.8:53 46.202.27.98.in-addr.arpa udp
US 8.8.8.8:53 157.220.120.35.in-addr.arpa udp
US 8.8.8.8:53 86.197.119.93.in-addr.arpa udp
US 8.8.8.8:53 216.34.148.228.in-addr.arpa udp
US 8.8.8.8:53 246.219.47.102.in-addr.arpa udp
US 8.8.8.8:53 46.106.58.124.in-addr.arpa udp
US 8.8.8.8:53 247.226.57.79.in-addr.arpa udp
US 8.8.8.8:53 176.145.68.75.in-addr.arpa udp
US 8.8.8.8:53 65.127.17.254.in-addr.arpa udp
US 8.8.8.8:53 87.156.178.118.in-addr.arpa udp
US 8.8.8.8:53 61.175.183.186.in-addr.arpa udp
US 8.8.8.8:53 60.122.152.170.in-addr.arpa udp
US 8.8.8.8:53 59.104.113.111.in-addr.arpa udp
US 8.8.8.8:53 254.48.170.182.in-addr.arpa udp
US 8.8.8.8:53 194.114.30.38.in-addr.arpa udp
US 8.8.8.8:53 20.71.59.125.in-addr.arpa udp
US 8.8.8.8:53 76.19.183.210.in-addr.arpa udp
US 8.8.8.8:53 103.197.103.10.in-addr.arpa udp
US 8.8.8.8:53 246.236.158.210.in-addr.arpa udp
US 8.8.8.8:53 72.206.162.175.in-addr.arpa udp
US 8.8.8.8:53 173.158.145.172.in-addr.arpa udp
US 8.8.8.8:53 226.136.1.105.in-addr.arpa udp
US 8.8.8.8:53 114.33.208.112.in-addr.arpa udp
US 8.8.8.8:53 19.112.251.135.in-addr.arpa udp
US 8.8.8.8:53 132.251.89.240.in-addr.arpa udp
US 8.8.8.8:53 167.203.13.204.in-addr.arpa udp
US 8.8.8.8:53 102.14.218.162.in-addr.arpa udp
US 8.8.8.8:53 47.95.119.218.in-addr.arpa udp
US 8.8.8.8:53 84.182.157.211.in-addr.arpa udp
US 8.8.8.8:53 43.138.235.83.in-addr.arpa udp
US 8.8.8.8:53 165.135.206.86.in-addr.arpa udp
US 8.8.8.8:53 238.101.106.89.in-addr.arpa udp

Files

memory/1092-0-0x0000000000400000-0x000000000041E000-memory.dmp

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\american fetish beast big .avi.exe

MD5 b974a907218bc9279603825878bd32cf
SHA1 e9581c7a8defdbc5cbc64a026216a0566254af2c
SHA256 418b4ea406d0d6856d9dd90d5020056c8df037903a8fee3bdf21ad765bebb4ba
SHA512 0ceba30caa8f3468340c53d2f408830befc89969d2a30102c41441831881864f34a77a2778912532002fb83d40162933c8f09e33a8faaad24d35378c040c4e77

memory/3560-160-0x0000000000400000-0x000000000041E000-memory.dmp

memory/1952-161-0x0000000000400000-0x000000000041E000-memory.dmp

memory/1092-180-0x0000000000400000-0x000000000041E000-memory.dmp

memory/4600-181-0x0000000000400000-0x000000000041E000-memory.dmp

memory/3560-182-0x0000000000400000-0x000000000041E000-memory.dmp

memory/1092-185-0x0000000000400000-0x000000000041E000-memory.dmp

memory/1092-186-0x0000000000400000-0x000000000041E000-memory.dmp

memory/1092-192-0x0000000000400000-0x000000000041E000-memory.dmp

memory/1092-202-0x0000000000400000-0x000000000041E000-memory.dmp

memory/1092-206-0x0000000000400000-0x000000000041E000-memory.dmp

memory/1092-211-0x0000000000400000-0x000000000041E000-memory.dmp

memory/1092-215-0x0000000000400000-0x000000000041E000-memory.dmp

memory/1092-219-0x0000000000400000-0x000000000041E000-memory.dmp

memory/1092-223-0x0000000000400000-0x000000000041E000-memory.dmp

memory/1092-227-0x0000000000400000-0x000000000041E000-memory.dmp

memory/1092-231-0x0000000000400000-0x000000000041E000-memory.dmp

memory/1092-235-0x0000000000400000-0x000000000041E000-memory.dmp

memory/1092-239-0x0000000000400000-0x000000000041E000-memory.dmp

memory/1092-243-0x0000000000400000-0x000000000041E000-memory.dmp