Malware Analysis Report

2024-11-13 14:01

Sample ID 240407-3bcq1shf87
Target 8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c
SHA256 8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c
Tags
upx persistence spyware stealer
score
10/10

Analysis Overview

score
10/10

SHA256

8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c

Threat Level: Known bad

The file 8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c was found to be: Known bad.

Malicious Activity Summary

upx persistence spyware stealer

UPX dump on OEP (original entry point)

Detects executables containing possible sandbox analysis VM usernames

Checks computer location settings

UPX packed file

Reads user/profile data of web browsers

Enumerates connected drives

Adds Run key to start application

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Unsigned PE

Enumerates physical storage devices

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-04-07 23:19

Signatures

UPX dump on OEP (original entry point)


UPX packed file

upx

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2024-04-07 23:19

Reported

2024-04-07 23:22

Platform

win7-20240319-en

Max time kernel

150s

Max time network

152s

Command Line

"C:\Users\Admin\AppData\Local\Temp\8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames


UPX dump on OEP (original entry point)


Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx

Adds Run key to start application

persistence
Description: Set value (str)
Indicator: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"
Process: C:\Users\Admin\AppData\Local\Temp\8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c.exe
Target: N/A

Enumerates connected drives


Drops file in System32 directory


Drops file in Program Files directory


Drops file in Windows directory


Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1068 wrote to memory of 2336 N/A C:\Users\Admin\AppData\Local\Temp\8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c.exe C:\Users\Admin\AppData\Local\Temp\8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c.exe
PID 1068 wrote to memory of 2596 N/A C:\Users\Admin\AppData\Local\Temp\8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c.exe C:\Users\Admin\AppData\Local\Temp\8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c.exe
PID 2336 wrote to memory of 2732 N/A C:\Users\Admin\AppData\Local\Temp\8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c.exe C:\Users\Admin\AppData\Local\Temp\8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c.exe

Processes

C:\Users\Admin\AppData\Local\Temp\8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c.exe

"C:\Users\Admin\AppData\Local\Temp\8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c.exe"

C:\Users\Admin\AppData\Local\Temp\8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c.exe

"C:\Users\Admin\AppData\Local\Temp\8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c.exe"

C:\Users\Admin\AppData\Local\Temp\8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c.exe

"C:\Users\Admin\AppData\Local\Temp\8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c.exe"

C:\Users\Admin\AppData\Local\Temp\8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c.exe

"C:\Users\Admin\AppData\Local\Temp\8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c.exe"

Network

Country Destination Domain Proto

Files

memory/1068-0-0x0000000000400000-0x000000000041E000-memory.dmp

C:\Program Files\Windows Sidebar\Shared Gadgets\swedish kicking sperm sleeping 40+ .rar.exe

MD5 7b6597cb2fc673dc109add7f5154d58b
SHA1 673c09d644bcb965ff6aa56ecf6fbce9ccad4742
SHA256 b3b2aa8ffe5fb3ba37b0f5010b76834a41801079635136cc308db9734ba86090
SHA512 ac6982886de4a168ca6aaf8150d81f245dfb62d8bd280d328fc6421a50ea5f823923f3fe958adfd165cf2dd4427c6d68d3e50991fa5128fe021ebacb0753a41b


Analysis: behavioral2

Detonation Overview

Submitted

2024-04-07 23:19

Reported

2024-04-07 23:22

Platform

win10v2004-20240319-en

Max time kernel

150s

Max time network

156s

Command Line

"C:\Users\Admin\AppData\Local\Temp\8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

Description Indicator Process Target
N/A N/A N/A N/A

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c.exe N/A

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\config\systemprofile\fucking catfight redhair .mpeg.exe C:\Users\Admin\AppData\Local\Temp\8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\tyrkish action beast [free] cock (Sonja,Janette).mpg.exe C:\Users\Admin\AppData\Local\Temp\8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\black animal bukkake sleeping cock .avi.exe C:\Users\Admin\AppData\Local\Temp\8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\canadian lingerie catfight sm .mpeg.exe C:\Users\Admin\AppData\Local\Temp\8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c.exe N/A
File created C:\Windows\SysWOW64\IME\SHARED\bukkake several models sm (Anniston,Melissa).mpg.exe C:\Users\Admin\AppData\Local\Temp\8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c.exe N/A
File created C:\Windows\System32\LogFiles\Fax\Incoming\trambling several models gorgeoushorny .zip.exe C:\Users\Admin\AppData\Local\Temp\8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\lingerie big .avi.exe C:\Users\Admin\AppData\Local\Temp\8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\black gang bang beast uncut hole .mpg.exe C:\Users\Admin\AppData\Local\Temp\8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c.exe N/A
File created C:\Windows\System32\DriverStore\Temp\indian beastiality horse full movie .mpeg.exe C:\Users\Admin\AppData\Local\Temp\8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\danish action hardcore voyeur cock beautyfull .avi.exe C:\Users\Admin\AppData\Local\Temp\8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c.exe N/A
File created C:\Windows\SysWOW64\IME\SHARED\hardcore [milf] titts .zip.exe C:\Users\Admin\AppData\Local\Temp\8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\lesbian several models blondie .zip.exe C:\Users\Admin\AppData\Local\Temp\8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Microsoft Office\root\Templates\tyrkish handjob bukkake several models 40+ .rar.exe C:\Users\Admin\AppData\Local\Temp\8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\tyrkish cumshot lesbian hidden hole fishy (Janette).avi.exe C:\Users\Admin\AppData\Local\Temp\8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\spanish lesbian hidden castration .avi.exe C:\Users\Admin\AppData\Local\Temp\8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Install\{D3EA2F86-0081-495C-8439-1E64CA71F999}\EDGEMITMP_57EE5.tmp\lingerie uncut (Samantha).zip.exe C:\Users\Admin\AppData\Local\Temp\8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\swedish fetish trambling catfight .zip.exe C:\Users\Admin\AppData\Local\Temp\8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c.exe N/A
File created C:\Program Files (x86)\Google\Update\Download\hardcore masturbation girly .avi.exe C:\Users\Admin\AppData\Local\Temp\8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\sperm [milf] feet traffic .rar.exe C:\Users\Admin\AppData\Local\Temp\8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c.exe N/A
File created C:\Program Files\Common Files\microsoft shared\russian nude bukkake catfight ash .mpg.exe C:\Users\Admin\AppData\Local\Temp\8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c.exe N/A
File created C:\Program Files\dotnet\shared\tyrkish cum beast big (Samantha).mpeg.exe C:\Users\Admin\AppData\Local\Temp\8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\blowjob licking hairy .mpeg.exe C:\Users\Admin\AppData\Local\Temp\8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c.exe N/A
File created C:\Program Files\Windows Sidebar\Shared Gadgets\xxx [milf] hole shoes .rar.exe C:\Users\Admin\AppData\Local\Temp\8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\black horse trambling lesbian .mpeg.exe C:\Users\Admin\AppData\Local\Temp\8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\russian action horse full movie .mpeg.exe C:\Users\Admin\AppData\Local\Temp\8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c.exe N/A
File created C:\Program Files\Microsoft Office\Updates\Download\danish porn trambling lesbian titts circumcision .avi.exe C:\Users\Admin\AppData\Local\Temp\8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\black cum trambling voyeur hole high heels (Melissa).avi.exe C:\Users\Admin\AppData\Local\Temp\8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\indian cumshot beast masturbation .zip.exe C:\Users\Admin\AppData\Local\Temp\8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c.exe N/A
File created C:\Program Files (x86)\Google\Temp\american animal bukkake full movie cock .avi.exe C:\Users\Admin\AppData\Local\Temp\8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\american beastiality gay hot (!) .zip.exe C:\Users\Admin\AppData\Local\Temp\8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\danish kicking hardcore lesbian titts castration .rar.exe C:\Users\Admin\AppData\Local\Temp\8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\SoftwareDistribution\Download\trambling lesbian shower .rar.exe C:\Users\Admin\AppData\Local\Temp\8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1151_none_fbdc4c5f677dc2ec\gang bang horse hidden glans latex (Melissa).mpg.exe C:\Users\Admin\AppData\Local\Temp\8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_10.0.19041.1_none_8c0b126c198fcf70\nude fucking several models 50+ (Christine,Sylvia).avi.exe C:\Users\Admin\AppData\Local\Temp\8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..ty-kerbclientshared_31bf3856ad364e35_10.0.19041.1288_none_56c05939711f0938\british horse [free] (Sarah).mpg.exe C:\Users\Admin\AppData\Local\Temp\8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c.exe N/A
File created C:\Windows\WinSxS\x86_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_10.0.19041.1_none_34e3bab50607a64b\gay voyeur .zip.exe C:\Users\Admin\AppData\Local\Temp\8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c.exe N/A
File created C:\Windows\WinSxS\x86_netfx4-installsqlstatetemplate_sql_b03f5f7f11d50a3a_4.0.15805.0_none_bde408a455fc3ece\fetish lingerie catfight cock .rar.exe C:\Users\Admin\AppData\Local\Temp\8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c.exe N/A
File created C:\Windows\ServiceProfiles\LocalService\Downloads\blowjob uncut young .rar.exe C:\Users\Admin\AppData\Local\Temp\8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_93c5f32b7859ec4f\african xxx public cock .rar.exe C:\Users\Admin\AppData\Local\Temp\8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c.exe N/A
File created C:\Windows\WinSxS\amd64_netfx4-uninstallsqlstatetemplate_sql_b03f5f7f11d50a3a_4.0.15805.0_none_db70a8ec1b999dd5\kicking trambling masturbation titts shower (Samantha).mpg.exe C:\Users\Admin\AppData\Local\Temp\8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.84_none_81616275259e37fe\spanish trambling public redhair .avi.exe C:\Users\Admin\AppData\Local\Temp\8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.1_none_fa09f84703cb02c5\danish kicking bukkake full movie hole YEâPSè& .mpeg.exe C:\Users\Admin\AppData\Local\Temp\8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.1_none_67a96afcfa248327\french horse lesbian .mpg.exe C:\Users\Admin\AppData\Local\Temp\8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.1_none_0bc0f3d4cd7dc8fd\blowjob catfight (Tatjana).avi.exe C:\Users\Admin\AppData\Local\Temp\8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_es-es_bf79b5fcc06b3128\porn trambling voyeur black hairunshaved .rar.exe C:\Users\Admin\AppData\Local\Temp\8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.1_none_abfc9db6c377b91f\norwegian gay [bangbus] glans (Sonja,Karin).zip.exe C:\Users\Admin\AppData\Local\Temp\8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_10.0.19041.1_none_6e0e425bd0e83959\handjob xxx [free] feet castration .avi.exe C:\Users\Admin\AppData\Local\Temp\8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.1_none_a7ad1894592cfa12\norwegian sperm hot (!) upskirt .mpg.exe C:\Users\Admin\AppData\Local\Temp\8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm_31bf3856ad364e35_10.0.19041.1_none_ae957c4c35a7bf73\horse bukkake catfight granny .rar.exe C:\Users\Admin\AppData\Local\Temp\8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_10.0.19041.746_none_e2c6a972a81b8d2c\brasilian horse lesbian licking circumcision .avi.exe C:\Users\Admin\AppData\Local\Temp\8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.1_none_fe0807c37141be7a\lingerie full movie hole Ôï (Liz).avi.exe C:\Users\Admin\AppData\Local\Temp\8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.844_none_57eddd48e7a74274\cumshot xxx big young .mpg.exe C:\Users\Admin\AppData\Local\Temp\8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 5116 wrote to memory of 1924 N/A C:\Users\Admin\AppData\Local\Temp\8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c.exe C:\Users\Admin\AppData\Local\Temp\8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c.exe
PID 5116 wrote to memory of 1068 N/A C:\Users\Admin\AppData\Local\Temp\8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c.exe C:\Users\Admin\AppData\Local\Temp\8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c.exe
PID 1924 wrote to memory of 4044 N/A C:\Users\Admin\AppData\Local\Temp\8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c.exe C:\Users\Admin\AppData\Local\Temp\8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c.exe

Processes

C:\Users\Admin\AppData\Local\Temp\8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c.exe

"C:\Users\Admin\AppData\Local\Temp\8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c.exe"

C:\Users\Admin\AppData\Local\Temp\8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c.exe

"C:\Users\Admin\AppData\Local\Temp\8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c.exe"

C:\Users\Admin\AppData\Local\Temp\8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c.exe

"C:\Users\Admin\AppData\Local\Temp\8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c.exe"

C:\Users\Admin\AppData\Local\Temp\8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c.exe

"C:\Users\Admin\AppData\Local\Temp\8fa8e1cd64c36aa564ed7d0dca396ca23d02de3e03ce6e0814d890900bb9448c.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=776 --field-trial-handle=3408,i,16599691418790971742,134777455365707676,262144 --variations-seed-version /prefetch:8

Network

Country Destination Domain Proto

Files

memory/5116-0-0x0000000000400000-0x000000000041E000-memory.dmp

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\tyrkish cumshot lesbian hidden hole fishy (Janette).avi.exe

MD5 56b6407fecd88f164cb93a2513a84db4
SHA1 280b6aaf70fba1840eab53aa5da48439ba7770a3
SHA256 9d33bb3480b37963e4692cfae152afe88670288d15575aab4bf4b4abc7298042
SHA512 e32850c31e8fe5ee8f91b6893af2889cccadca83e55d91c01dfb5eb96f493e732f4debae55e7c99a6ad7e2a42221f0f46a8c1377570d94889d9951ff540a2704
