Malware Analysis Report

2024-11-30 02:37

Sample ID 240407-wy1yssbb79
Target 0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9
SHA256 0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9
Tags
upx persistence spyware stealer
score
10/10

Analysis Overview

score
10/10

SHA256

0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9

Threat Level: Known bad

The file 0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9 was found to be: Known bad.

Malicious Activity Summary

upx persistence spyware stealer

UPX dump on OEP (original entry point)

Detects executables containing possible sandbox analysis VM usernames

UPX packed file

Reads user/profile data of web browsers

Checks computer location settings

Enumerates connected drives

Adds Run key to start application

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

Unsigned PE

Enumerates physical storage devices

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-04-07 18:20

Signatures

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-07 18:20

Reported

2024-04-07 18:23

Platform

win7-20240221-en

Max time kernel

150s

Max time network

154s

Command Line

"C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

Description Indicator Process Target
N/A N/A N/A N/A

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe N/A

Drops file in System32 directory

Description Indicator Process Target

Drops file in Program Files directory

Description Indicator Process Target

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\mssrv.exe C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2756 wrote to memory of 3068 N/A C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe
PID 2756 wrote to memory of 2476 N/A C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe
PID 3068 wrote to memory of 2672 N/A C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe

Processes

C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe

"C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe"

C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe

"C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe"

C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe

"C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe"

C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe

"C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe"

Network

Country Destination Domain Proto

Files

C:\Program Files\Windows Sidebar\Shared Gadgets\lesbian public hairy (Britney,Karin).mpg.exe

MD5 2f75562806830e677b843be9b2453ad0
SHA1 94799a07e206611c4fd91cb0086bb34e62c78324
SHA256 7adeebadd0e6f4c8eb7ce640c1f262bcb274217c619e7886ee27158be0e525c4
SHA512 089ed4db8c22a5f5dae2f7a52e85f3030cd5c992415a12611fc0ed781a8be38299b5e13384191a3e5ca12e4dab3b32b8695a258fb5f179913f21bf9da323656e

C:\debug.txt

MD5 3486d64733584d078445742000cd9065
SHA1 5c54e122d1254cd6b33953925aeedf52d7d9e6e8
SHA256 8a610391868d0b1a70d4f488e3a6b29499d90c1779ca5b84718325ec0147f648
SHA512 8ea37ab735ef8c1c62fdc333d3d43f43b145fcc68d7ee78bf19b8721cf9157776b3aca0f32b29e47930c2aa663c6985bd960b1880b5786b96866884464895889

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-07 18:20

Reported

2024-04-07 18:23

Platform

win10v2004-20231215-en

Max time kernel

150s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

Description Indicator Process Target
N/A N/A N/A N/A

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe N/A

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\FxsTmp\american fucking cumshot lesbian boobs mistress (Ashley).mpeg.exe C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\tyrkish trambling gay catfight young (Karin,Tatjana).mpeg.exe C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe N/A
File created C:\Windows\SysWOW64\IME\SHARED\german trambling horse girls .mpg.exe C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\african handjob big wifey .rar.exe C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe N/A
File created C:\Windows\System32\DriverStore\Temp\british beast lesbian uncut nipples stockings .zip.exe C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe N/A
File created C:\Windows\SysWOW64\IME\SHARED\action horse hot (!) granny .rar.exe C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe N/A
File created C:\Windows\System32\LogFiles\Fax\Incoming\bukkake masturbation glans .mpg.exe C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\american beast full movie cock lady .mpeg.exe C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\cumshot [free] boobs YEâPSè& .mpg.exe C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\indian fucking horse girls (Kathrin).zip.exe C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\italian blowjob porn uncut blondie (Melissa,Britney).mpg.exe C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\porn catfight cock wifey .zip.exe C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\canadian animal sperm several models boobs .avi.exe C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\tyrkish horse full movie boobs wifey .mpeg.exe C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\horse hidden wifey .mpeg.exe C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\norwegian lingerie lesbian masturbation YEâPSè& (Jenna,Ashley).avi.exe C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe N/A
File created C:\Program Files\Microsoft Office\Updates\Download\indian fucking sleeping boobs sweet .rar.exe C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe N/A
File created C:\Program Files\Windows Sidebar\Shared Gadgets\lesbian cum uncut shoes .zip.exe C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\horse voyeur titts .zip.exe C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\beast trambling full movie .mpg.exe C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe N/A
File created C:\Program Files\Microsoft Office\root\Templates\sperm sleeping hairy (Sarah,Curtney).avi.exe C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\trambling beast uncut (Ashley).mpg.exe C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe N/A
File created C:\Program Files (x86)\Google\Temp\french lingerie uncut bondage (Sarah,Kathrin).rar.exe C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\canadian fetish catfight penetration (Jenna).zip.exe C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe N/A
File created C:\Program Files\Common Files\microsoft shared\cumshot licking glans (Jenna).mpg.exe C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe N/A
File created C:\Program Files\dotnet\shared\sperm porn girls (Christine).mpg.exe C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\norwegian beast voyeur black hairunshaved .mpeg.exe C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\japanese beast hardcore girls upskirt (Ashley).zip.exe C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\cumshot masturbation .avi.exe C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe N/A
File created C:\Program Files (x86)\Google\Update\Download\tyrkish horse girls boots (Gina).zip.exe C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\assembly\tmp\italian bukkake [milf] nipples castration (Sonja).rar.exe C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.84_none_81616275259e37fe\chinese cum [bangbus] (Gina,Anniston).avi.exe C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_10.0.19041.1_es-es_64c107d8bb3ade94\beast horse masturbation (Ashley,Karin).avi.exe C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe N/A
File created C:\Windows\WinSxS\x86_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_10.0.19041.1_none_a723631dce180fe0\xxx big lady .zip.exe C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe N/A
File created C:\Windows\security\templates\porn fetish several models ash .rar.exe C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..templates.resources_31bf3856ad364e35_10.0.19041.1_es-es_8da1621e0a800290\gang bang uncut ash boots .zip.exe C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-s..ty-kerbclientshared_31bf3856ad364e35_10.0.19041.1288_none_6115038ba57fcb33\kicking masturbation ash boots .rar.exe C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.844_none_57eddd48e7a74274\bukkake kicking sleeping wifey .rar.exe C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_en-us_e5f85095c4bc5d16\japanese blowjob [milf] cock mature .zip.exe C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_10.0.19041.1_none_551afa5edf8be30e\indian horse sleeping granny .mpg.exe C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-update-upshared_31bf3856ad364e35_10.0.19041.84_none_85259eff919b7c9e\spanish lingerie sperm girls .zip.exe C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..templates.resources_31bf3856ad364e35_10.0.19041.1_de-de_e4e52f411b7b0526\tyrkish horse several models boobs .mpeg.exe C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.19041.1_none_fad1fa0072ef4a3a\malaysia fucking girls ash .zip.exe C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedfolders-adm_31bf3856ad364e35_10.0.19041.1_none_096bb4dc0d5d63a0\fucking hot (!) 50+ .avi.exe C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe N/A
File created C:\Windows\WinSxS\msil_microsoft.powershel..filedownloadmanager_31bf3856ad364e35_10.0.19041.1_none_cb69bad627df9263\danish action horse [milf] boots (Jenna,Ashley).mpg.exe C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe N/A
File created C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\danish nude beastiality several models legs (Gina).rar.exe C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_10.0.19041.1_none_4c786ae2f508e6d5\german bukkake blowjob licking bondage (Jade,Curtney).rar.exe C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.746_none_2212358fc33cc10f\nude trambling public .mpg.exe C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..mon-sharedresources_31bf3856ad364e35_10.0.19041.1_none_5417ea1f38dbb76b\african handjob public (Gina).rar.exe C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_it-it_bdb6c49fcea35732\gay fetish catfight hole .mpg.exe C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_b1ffa0e7b4ed03e2\tyrkish kicking voyeur shoes (Liz).mpeg.exe C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-u..ell-sharedutilities_31bf3856ad364e35_10.0.19041.546_none_a93e4a2569276206\nude hardcore uncut .mpeg.exe C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2908 wrote to memory of 1664 N/A C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe
PID 1664 wrote to memory of 1356 N/A C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe

Processes

C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe

"C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe"

C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe

"C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe"

C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe

"C:\Users\Admin\AppData\Local\Temp\0793fe8277625c853c3dd0bb06b44f151ff5d2394a85fafb31d1ed9c7dbf8dd9.exe"

Network

Country Destination Domain Proto

Files

memory/2908-0-0x0000000000400000-0x000000000041E000-memory.dmp

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\horse hidden wifey .mpeg.exe

MD5 2046b373e8f64713deef1a63241fde4c
SHA1 3be025ed91b4ca51040b0fa293f9360651903436
SHA256 eeb3e9bf2fd68785e9b3ab771fccdeaadeca9d8590a61f50e46563ac318dfe76
SHA512 2210218e0997ddcae85656a8bd9106d68bc8bfe51691bd7cfffddf98d8679de2b92f26875183c118ef918c19318fd2221a69fc8e283729bea194aade279333d4

memory/1664-121-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2908-184-0x0000000000400000-0x000000000041E000-memory.dmp

memory/1356-186-0x0000000000400000-0x000000000041E000-memory.dmp
