Malware Analysis Report

2024-11-13 13:58

Sample ID 240407-y169psdd4w
Target 3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1
SHA256 3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1
Tags
persistence spyware stealer upx
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1

Threat Level: Known bad

The file 3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1 was found to be: Known bad.

Malicious Activity Summary

persistence spyware stealer upx

UPX dump on OEP (original entry point)

UPX dump on OEP (original entry point)

Detects executables containing possible sandbox analysis VM usernames

Checks computer location settings

Reads user/profile data of web browsers

UPX packed file

Adds Run key to start application

Enumerates connected drives

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Unsigned PE

Enumerates physical storage devices

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-04-07 20:16

Signatures

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-07 20:16

Reported

2024-04-07 20:18

Platform

win10v2004-20240226-en

Max time kernel

150s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\LogFiles\Fax\Incoming\horse lesbian hole circumcision .mpeg.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\brasilian gang bang bukkake [bangbus] penetration .rar.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\black cumshot lesbian sleeping .rar.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\blowjob hot (!) hairy .zip.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\french hardcore uncut gorgeoushorny .avi.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\SysWOW64\IME\SHARED\gay voyeur .mpg.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\SysWOW64\IME\SHARED\black beastiality gay big (Karin).rar.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\sperm [free] titts bondage .avi.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\american cumshot bukkake girls girly .rar.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\System32\DriverStore\Temp\gay hot (!) cock mature (Melissa).avi.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\italian cumshot gay big high heels .avi.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\russian cumshot gay lesbian stockings .mpeg.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\indian cumshot xxx full movie lady .zip.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Program Files\Microsoft Office\Updates\Download\blowjob hot (!) castration (Sonja,Sarah).rar.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\xxx big hotel (Ashley,Sylvia).rar.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\beastiality trambling [milf] .zip.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Program Files (x86)\Google\Update\Download\xxx hot (!) beautyfull .rar.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\danish action beast lesbian titts .avi.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Program Files\dotnet\shared\bukkake licking boots .rar.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\japanese handjob xxx lesbian leather .rar.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Program Files\Windows Sidebar\Shared Gadgets\bukkake uncut hole .mpg.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\tyrkish cum fucking hot (!) .rar.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\italian cumshot xxx uncut YEâPSè& .zip.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Program Files (x86)\Google\Temp\sperm catfight high heels .zip.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\fucking several models .avi.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Program Files\Common Files\microsoft shared\brasilian kicking fucking lesbian glans .mpg.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Program Files\Microsoft Office\root\Templates\danish porn trambling lesbian .mpeg.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\swedish beastiality xxx lesbian glans .mpeg.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\russian action sperm full movie black hairunshaved .mpeg.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\gay full movie titts (Sandy,Liz).avi.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\WinSxS\wow64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_f8d34ba1b1eb00de\chinese gay lesbian cock ejaculation (Sarah).zip.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1_none_2426cc56d654beaa\animal beast girls .mpg.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_c3d467c525734eb3\lesbian big titts penetration .zip.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_10.0.19041.1_en-us_64f5aaf4bb13ecef\asian beast several models hole sweet (Sarah).avi.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-update-upshared_31bf3856ad364e35_10.0.19041.84_none_85259eff919b7c9e\action lingerie [free] glans young .mpg.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\WinSxS\amd64_netfx-shared_registry_whidbey_31bf3856ad364e35_10.0.19041.1_none_1c68775f06732f08\spanish sperm full movie (Janette).avi.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\WinSxS\msil_microsoft.powershel..filedownloadmanager_31bf3856ad364e35_10.0.19041.1_none_cb69bad627df9263\italian animal horse girls feet girly .avi.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\WinSxS\x86_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_10.0.19041.1_none_a723631dce180fe0\fetish fucking girls (Janette).mpeg.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_es-es_bf79b5fcc06b3128\african xxx licking .avi.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_ee7ea14f7d8a3ee3\trambling [bangbus] (Sylvia).zip.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-t..ervices-tsfairshare_31bf3856ad364e35_10.0.19041.1_none_e32b64807ab11fd2\gang bang xxx masturbation .zip.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.19041.1_none_fad1fa0072ef4a3a\russian fetish blowjob [milf] castration .mpg.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\WinSxS\x86_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_10.0.19041.1_none_34e3bab50607a64b\asian trambling [bangbus] ejaculation .avi.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_5af076e0a3cb0fa7\nude lesbian masturbation sm (Sonja,Janette).rar.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedrealitysvc_31bf3856ad364e35_10.0.19041.1_none_5a23b464e1e0b15e\lingerie [free] (Sarah).avi.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\WinSxS\x86_netfx4-uninstallsqlstatetemplate_sql_b03f5f7f11d50a3a_4.0.15805.0_none_231ddfc33015c6db\norwegian lesbian catfight feet .mpg.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_it-it_bdb6c49fcea35732\indian cumshot beast girls feet hairy .mpg.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.1_none_fe0807c37141be7a\spanish bukkake big gorgeoushorny .avi.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-sx-shared_31bf3856ad364e35_10.0.19041.1_none_f8e978b0ed48a6bb\kicking lesbian several models cock .zip.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_10.0.19041.1_none_551afa5edf8be30e\lesbian [milf] titts beautyfull .mpg.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..ty-kerbclientshared_31bf3856ad364e35_10.0.19041.1_none_97e9c0335b4cd39a\beast public .avi.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\WinSxS\amd64_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_10.0.19041.1_none_359f84f8e5af60e2\animal xxx voyeur (Tatjana).zip.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\black gang bang gay hidden glans .mpeg.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d38ece58f77171b4\canadian lesbian hidden pregnant .mpeg.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_10.0.19041.746_none_e2c6a972a81b8d2c\lesbian big ash (Jenna,Liz).mpeg.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-t..ervices-tsfairshare_31bf3856ad364e35_10.0.19041.746_none_0b33a1c93a22de1c\nude horse full movie (Melissa).zip.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\WinSxS\x86_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_10.0.19041.1_none_d980e9752d51efac\nude bukkake masturbation hole leather (Tatjana).avi.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-u..ell-sharedutilities_31bf3856ad364e35_10.0.19041.1_none_813610a8a9b59e0a\chinese hardcore sleeping granny (Christine,Samantha).avi.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.1_none_b6514808f7d87b1a\tyrkish action xxx lesbian .rar.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1202_none_d8a1416ab7cccdcf\nude xxx several models titts traffic .zip.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_10.0.19041.1_es-es_64c107d8bb3ade94\british sperm hidden bedroom .zip.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_10.0.19041.207_none_e2f2dfeea7fa44fc\french bukkake full movie feet .mpeg.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.1_none_b201c2e68d8dbc0d\gang bang blowjob licking feet .mpeg.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_en-us_bfae5918c0443f83\brasilian cumshot beast public titts hairy .mpeg.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..se-shared-datafiles_31bf3856ad364e35_10.0.19041.1_none_2f5f00d280dce9f6\russian fetish lesbian [free] swallow .avi.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-update-upshared_31bf3856ad364e35_10.0.19041.1151_none_025296d718a7b3a8\japanese cum trambling masturbation .zip.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_10.0.19041.1_none_56cd15352969a8d0\spanish beast several models glans beautyfull .zip.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_10.0.19041.1_none_4ac6500cab2b2113\norwegian lesbian several models latex .avi.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_es-es_c9ce604ef4cbf323\gang bang hardcore big cock shoes .rar.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-sharedaccess_31bf3856ad364e35_10.0.19041.1_none_c513167c1d0a90dd\porn horse sleeping (Karin).zip.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\PLA\Templates\fucking [bangbus] YEâPSè& (Sonja,Karin).zip.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.867_none_c29826784f9429f8\spanish xxx [bangbus] feet (Sonja,Sylvia).avi.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_5abbd3c4a3f2014c\beastiality lingerie [milf] .mpeg.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-t..boration-sharer-api_31bf3856ad364e35_10.0.19041.84_none_cee95e04c201c860\asian lingerie voyeur cock (Ashley,Jade).avi.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\ServiceProfiles\LocalService\Downloads\gay [free] feet girly (Janette).avi.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_de-de_3d077a9cd5de5151\indian porn lingerie voyeur high heels (Ashley,Tatjana).avi.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_6c85d64de79e0985\fetish xxx hidden glans shoes .zip.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\WinSxS\x86_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_10.0.19041.1_none_4ab14109a3e1e067\brasilian action lesbian full movie gorgeoushorny .avi.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.1_none_5d54c0aac5c3c12c\danish cumshot lesbian full movie glans fishy (Sarah).mpg.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.153_none_e23c926e32d07dc1\beastiality trambling voyeur wifey .mpeg.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5fdc43acc1be690d\chinese lingerie licking feet .zip.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.1_none_a80cea873b2a6772\indian handjob horse sleeping gorgeoushorny .avi.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.1_none_4a03fd12cb3f16c2\japanese porn sperm [bangbus] (Samantha).mpeg.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_10.0.19041.1_none_965fbcbe4df0916b\african sperm catfight lady .mpeg.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-s..ty-kerbclientshared_31bf3856ad364e35_10.0.19041.1288_none_6115038ba57fcb33\american animal lesbian [milf] wifey .avi.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.867_en-us_49453482f1fb5356\fetish xxx big mistress .mpg.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..ces-ime-eashared-lm_31bf3856ad364e35_10.0.19041.1_none_3d0229d17c310f10\fetish bukkake [free] hole .avi.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.844_none_57eddd48e7a74274\nude fucking several models titts boots .avi.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.1_none_9aa486d790131d4e\sperm [milf] glans Ôï .mpg.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-t..boration-sharer-api_31bf3856ad364e35_10.0.19041.84_none_c494b3b28da10665\blowjob voyeur balls (Ashley,Liz).mpg.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-security-ntlmshared_31bf3856ad364e35_10.0.19041.1_none_7d9dab4e456449b1\blowjob big ash (Christine,Sarah).zip.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.906_none_f962ab5f47e1e896\bukkake licking feet (Anniston,Melissa).rar.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.19041.1_none_f07d4fae3e8e883f\british blowjob lesbian .avi.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.1_none_a7ad1894592cfa12\kicking beast uncut .zip.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1932 wrote to memory of 4980 N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe
PID 1932 wrote to memory of 4980 N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe
PID 1932 wrote to memory of 4980 N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe
PID 4980 wrote to memory of 1360 N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe
PID 4980 wrote to memory of 1360 N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe
PID 4980 wrote to memory of 1360 N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe
PID 1932 wrote to memory of 4008 N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe
PID 1932 wrote to memory of 4008 N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe
PID 1932 wrote to memory of 4008 N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe

Processes

C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe

"C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe"

C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe

"C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe"

C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe

"C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe"

C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe

"C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 67.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 81.171.91.138.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 121.118.77.104.in-addr.arpa udp
US 8.8.8.8:53 191.239.25.144.in-addr.arpa udp
US 8.8.8.8:53 142.88.109.134.in-addr.arpa udp
US 8.8.8.8:53 203.198.42.204.in-addr.arpa udp
US 8.8.8.8:53 61.18.65.227.in-addr.arpa udp
US 8.8.8.8:53 147.60.180.215.in-addr.arpa udp
US 8.8.8.8:53 192.194.123.245.in-addr.arpa udp
US 8.8.8.8:53 244.2.190.58.in-addr.arpa udp
US 8.8.8.8:53 200.149.29.44.in-addr.arpa udp
US 8.8.8.8:53 188.194.249.17.in-addr.arpa udp
US 8.8.8.8:53 87.109.86.139.in-addr.arpa udp
US 8.8.8.8:53 26.20.25.254.in-addr.arpa udp
US 8.8.8.8:53 250.185.35.32.in-addr.arpa udp
US 8.8.8.8:53 166.168.78.208.in-addr.arpa udp
US 8.8.8.8:53 218.138.194.15.in-addr.arpa udp
US 8.8.8.8:53 168.238.58.126.in-addr.arpa udp
US 8.8.8.8:53 231.66.70.33.in-addr.arpa udp
US 8.8.8.8:53 179.141.241.204.in-addr.arpa udp
US 8.8.8.8:53 26.219.25.211.in-addr.arpa udp
US 8.8.8.8:53 60.175.218.199.in-addr.arpa udp
US 8.8.8.8:53 158.34.44.110.in-addr.arpa udp
US 8.8.8.8:53 98.148.10.116.in-addr.arpa udp
US 8.8.8.8:53 218.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 178.225.177.154.in-addr.arpa udp
US 8.8.8.8:53 101.94.80.155.in-addr.arpa udp
US 8.8.8.8:53 127.156.218.128.in-addr.arpa udp
US 8.8.8.8:53 59.53.172.147.in-addr.arpa udp
US 8.8.8.8:53 90.28.137.199.in-addr.arpa udp
US 8.8.8.8:53 115.192.225.117.in-addr.arpa udp
US 8.8.8.8:53 24.157.190.3.in-addr.arpa udp
US 8.8.8.8:53 95.49.226.79.in-addr.arpa udp
US 8.8.8.8:53 78.198.100.226.in-addr.arpa udp
US 8.8.8.8:53 192.135.20.48.in-addr.arpa udp
US 8.8.8.8:53 58.106.104.226.in-addr.arpa udp
US 8.8.8.8:53 131.247.137.63.in-addr.arpa udp
US 8.8.8.8:53 84.47.207.164.in-addr.arpa udp
US 8.8.8.8:53 190.252.5.52.in-addr.arpa udp
US 8.8.8.8:53 111.102.1.180.in-addr.arpa udp
US 8.8.8.8:53 177.67.69.31.in-addr.arpa udp
US 8.8.8.8:53 46.6.189.53.in-addr.arpa udp
US 8.8.8.8:53 211.92.27.107.in-addr.arpa udp
US 8.8.8.8:53 215.231.132.138.in-addr.arpa udp
US 8.8.8.8:53 40.14.77.169.in-addr.arpa udp
US 8.8.8.8:53 224.152.31.215.in-addr.arpa udp
US 8.8.8.8:53 67.174.181.199.in-addr.arpa udp
US 8.8.8.8:53 67.70.214.22.in-addr.arpa udp
US 8.8.8.8:53 99.135.66.99.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 67.239.9.68.in-addr.arpa udp
US 8.8.8.8:53 128.207.226.213.in-addr.arpa udp
US 8.8.8.8:53 152.177.84.216.in-addr.arpa udp
US 8.8.8.8:53 189.11.178.89.in-addr.arpa udp
US 8.8.8.8:53 210.120.248.145.in-addr.arpa udp
US 8.8.8.8:53 51.168.199.112.in-addr.arpa udp
US 8.8.8.8:53 202.18.201.212.in-addr.arpa udp
US 8.8.8.8:53 223.46.8.189.in-addr.arpa udp
US 8.8.8.8:53 168.66.128.160.in-addr.arpa udp
US 8.8.8.8:53 31.155.62.185.in-addr.arpa udp
US 8.8.8.8:53 156.226.174.107.in-addr.arpa udp
US 8.8.8.8:53 14.105.215.206.in-addr.arpa udp
US 8.8.8.8:53 17.6.39.64.in-addr.arpa udp
US 8.8.8.8:53 246.40.135.223.in-addr.arpa udp
US 8.8.8.8:53 159.47.58.81.in-addr.arpa udp
US 8.8.8.8:53 103.53.155.54.in-addr.arpa udp
US 8.8.8.8:53 113.125.70.215.in-addr.arpa udp
US 8.8.8.8:53 74.249.52.204.in-addr.arpa udp
US 8.8.8.8:53 187.138.174.236.in-addr.arpa udp
US 8.8.8.8:53 244.20.97.83.in-addr.arpa udp
US 8.8.8.8:53 184.137.103.33.in-addr.arpa udp
US 8.8.8.8:53 42.252.249.94.in-addr.arpa udp
US 8.8.8.8:53 34.104.77.11.in-addr.arpa udp
US 8.8.8.8:53 164.42.90.179.in-addr.arpa udp
US 8.8.8.8:53 6.173.189.20.in-addr.arpa udp

Files

memory/1932-0-0x0000000000400000-0x0000000000420000-memory.dmp

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\indian cumshot xxx full movie lady .zip.exe

MD5 74562aff151f937ced5a0003608f17f6
SHA1 49308e10bb5cdabdcd8d88a02f69fbb7235d498f
SHA256 b118ac5b47a810bd52c7f02b26a8728e29feaf2925a2d764934055ebad230f92
SHA512 879b02c05f4d2a553e6ff5baff748d5d90314d8c83e2c66724a7e4211ff2f0feb959cf1e4cd76019f00a2eacd60f9037e8ec5c676f42f140ab69e44ad982899a

memory/4980-11-0x0000000000400000-0x0000000000420000-memory.dmp

memory/1360-142-0x0000000000400000-0x0000000000420000-memory.dmp

memory/4008-147-0x0000000000400000-0x0000000000420000-memory.dmp

memory/1932-191-0x0000000000400000-0x0000000000420000-memory.dmp

memory/4980-196-0x0000000000400000-0x0000000000420000-memory.dmp

memory/1360-197-0x0000000000400000-0x0000000000420000-memory.dmp

memory/4008-201-0x0000000000400000-0x0000000000420000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-07 20:16

Reported

2024-04-07 20:18

Platform

win7-20240221-en

Max time kernel

150s

Max time network

154s

Command Line

"C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\IME\shared\russian horse bukkake big .rar.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\african bukkake catfight .avi.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\System32\LogFiles\Fax\Incoming\brasilian horse horse catfight 40+ .zip.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\System32\DriverStore\Temp\gay uncut .rar.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\SysWOW64\IME\shared\japanese cum beast [milf] hole (Gina,Karin).mpeg.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\american beastiality lesbian big sweet .mpg.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\american animal lingerie [milf] gorgeoushorny .rar.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\blowjob several models boots (Sandy,Sylvia).avi.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\brasilian animal blowjob catfight glans redhair .zip.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\black gang bang beast catfight .mpg.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Common Files\microsoft shared\hardcore voyeur titts .zip.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\black animal xxx sleeping (Janette).avi.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Program Files\DVD Maker\Shared\indian animal lesbian licking cock boots .rar.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Program Files\Windows Sidebar\Shared Gadgets\sperm catfight hairy .zip.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Program Files (x86)\Google\Temp\fucking voyeur cock hotel .zip.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Program Files (x86)\Google\Update\Download\tyrkish kicking horse [milf] ash .avi.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Templates\indian animal xxx sleeping boots .zip.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\beast public feet .rar.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\gay [free] hole granny (Karin).mpg.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\japanese cum xxx full movie ash .mpeg.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\bukkake masturbation glans leather (Jade).rar.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\hardcore masturbation mature .mpeg.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\lingerie full movie glans swallow (Sarah).avi.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\russian beastiality bukkake [bangbus] glans .zip.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Program Files\Windows Journal\Templates\indian handjob xxx licking shower .rar.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\winsxs\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_99b74194b7347cab\british gay hidden glans pregnant .rar.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_8bc7919d3f36cee7\gang bang lingerie public sm .avi.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\winsxs\x86_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_664dbffec8693dfe\brasilian nude gay hot (!) feet (Christine,Curtney).rar.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\mssrv.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\lingerie public titts .zip.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\american cumshot trambling full movie glans .avi.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\trambling uncut stockings .mpg.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_6.1.7600.16385_none_8419660d1cc97b24\italian handjob hardcore full movie cock 40+ .zip.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_4fe2107fd06efdd8\danish beastiality horse [free] glans redhair .mpg.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_1412267f4b3bb985\italian kicking gay voyeur feet hotel .mpeg.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_b7f38afb92de484f\trambling hidden glans penetration .mpeg.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\tyrkish gang bang bukkake uncut .zip.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\SoftwareDistribution\Download\italian gang bang horse sleeping mature .rar.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\ServiceProfiles\LocalService\Downloads\black animal lingerie masturbation titts .zip.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_f0ca3430257ea13f\african beast hot (!) (Sarah).zip.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_f25d066604c2ad34\cum bukkake sleeping high heels (Sonja,Sylvia).mpeg.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_34400a5790d1d336\german lingerie [milf] hole high heels .mpeg.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_it-it_8d9f242de8497d58\canadian horse hot (!) (Tatjana).rar.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_f3c374fc18118ca2\danish animal xxx hidden .zip.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\danish animal fucking full movie glans (Sandy,Samantha).mpg.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\PLA\Templates\horse licking hole .zip.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm_31bf3856ad364e35_6.1.7600.16385_none_5499606faffb3f9f\italian porn horse big titts 50+ (Sarah).rar.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_9498b282333b64ec\norwegian trambling [free] glans balls .mpg.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_3c93ac15fd731acf\chinese beast licking (Liz).mpg.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_095efe9c8261401e\chinese blowjob licking cock .mpg.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\danish porn sperm [bangbus] .mpg.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_d81c96999f75bd77\japanese fetish lesbian [free] feet shower .avi.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\danish horse sperm licking fishy .mpeg.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\japanese animal gay licking bedroom .zip.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_60a2cbbf935c42b4\porn sperm full movie hole .rar.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\bukkake masturbation fishy .avi.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_en-us_00f45b041e1e8fd3\swedish horse xxx [bangbus] hotel .avi.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5d9f7d70ed4643fd\american cum beast sleeping glans .rar.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_6f0f7833cb71e18d\swedish action beast lesbian (Sylvia).mpeg.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ad7c61fb28607522\norwegian beast catfight cock .mpeg.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_3d98a610fed70b75\swedish fetish fucking masturbation redhair (Ashley,Sylvia).mpg.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_d8216ed3d8746200\action trambling public (Sarah).avi.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\danish gang bang bukkake lesbian fishy (Sandy,Jade).mpg.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_bcc167434bb9b3ea\porn xxx catfight sm (Anniston,Liz).mpg.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ea4a469ab7713182\blowjob catfight glans .mpg.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_0ac4ebfc358e5ec0\indian nude trambling several models titts pregnant (Sylvia).zip.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_39c9d74ef2ad6c7b\japanese action xxx voyeur femdom .mpg.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_aedaf3947d09fbe5\norwegian fucking [free] .avi.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\tyrkish cumshot gay hidden granny .zip.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_0835101f2d90c7b6\african hardcore voyeur (Liz).avi.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_ddab3bcb3a4ffb45\german trambling public sm .mpeg.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\american gang bang lesbian uncut hole .mpeg.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\assembly\temp\hardcore hidden hole .mpg.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\assembly\tmp\italian handjob gay [bangbus] feet sm (Melissa).avi.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\security\templates\brasilian handjob fucking public titts leather .rar.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_98b24799b5d08c05\spanish sperm [bangbus] cock .rar.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_94828572f7ddbf0f\cumshot sperm hidden titts .rar.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_515dc677700303ec\spanish bukkake hot (!) (Melissa).zip.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\winsxs\x86_netfx-shared_netfx_20_mscorlib_b03f5f7f11d50a3a_6.1.7600.16385_none_2958d4a31d2ec64f\lesbian hot (!) redhair .avi.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\italian horse fucking public .avi.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_00225053e03f4c04\black cum sperm lesbian titts .rar.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_6.1.7600.16385_none_49dd84a06c7c8863\norwegian lesbian public glans penetration (Samantha).zip.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8bfc34b93f0fdd42\beastiality lesbian catfight .avi.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0af98f1835676d1b\chinese lingerie catfight swallow .mpg.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_97a45841ff925aa0\russian porn xxx hot (!) bedroom .avi.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_293ea1e3e6bc5364\beast public titts lady .rar.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_cd2006602e5ee22e\fetish sperm full movie sm .rar.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-m..-temptable-provider_31bf3856ad364e35_6.1.7600.16385_none_1dd3ce8d1e7524cd\action bukkake full movie cock young .zip.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_79642285ffd2a388\french trambling [free] hole .rar.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2612 wrote to memory of 2520 N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe
PID 2612 wrote to memory of 2520 N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe
PID 2612 wrote to memory of 2520 N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe
PID 2612 wrote to memory of 2520 N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe
PID 2520 wrote to memory of 2388 N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe
PID 2520 wrote to memory of 2388 N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe
PID 2520 wrote to memory of 2388 N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe
PID 2520 wrote to memory of 2388 N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe
PID 2612 wrote to memory of 2448 N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe
PID 2612 wrote to memory of 2448 N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe
PID 2612 wrote to memory of 2448 N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe
PID 2612 wrote to memory of 2448 N/A C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe

Processes

C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe

"C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe"

C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe

"C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe"

C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe

"C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe"

C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe

"C:\Users\Admin\AppData\Local\Temp\3cdd779d90c951bb8be19635ca5aba89002c6f834ffd42993aaf2e0fb4df00f1.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 253.13.136.36.in-addr.arpa udp
US 8.8.8.8:53 203.2.131.108.in-addr.arpa udp
US 8.8.8.8:53 55.103.126.250.in-addr.arpa udp
US 8.8.8.8:53 225.204.207.49.in-addr.arpa udp
US 8.8.8.8:53 167.197.102.225.in-addr.arpa udp
US 8.8.8.8:53 194.57.110.115.in-addr.arpa udp
US 8.8.8.8:53 8.160.169.76.in-addr.arpa udp
US 8.8.8.8:53 224.170.251.198.in-addr.arpa udp
US 8.8.8.8:53 103.140.7.44.in-addr.arpa udp
US 8.8.8.8:53 140.241.35.247.in-addr.arpa udp
US 8.8.8.8:53 207.46.248.211.in-addr.arpa udp
US 8.8.8.8:53 246.153.211.205.in-addr.arpa udp
US 8.8.8.8:53 65.230.29.48.in-addr.arpa udp
US 8.8.8.8:53 119.240.221.60.in-addr.arpa udp
US 8.8.8.8:53 68.126.93.64.in-addr.arpa udp
US 8.8.8.8:53 126.179.227.66.in-addr.arpa udp
US 8.8.8.8:53 2.59.59.136.in-addr.arpa udp
US 8.8.8.8:53 41.130.94.212.in-addr.arpa udp
US 8.8.8.8:53 178.1.156.78.in-addr.arpa udp
US 8.8.8.8:53 207.227.116.141.in-addr.arpa udp
US 8.8.8.8:53 219.154.221.133.in-addr.arpa udp

Files

memory/2612-0-0x0000000000400000-0x0000000000420000-memory.dmp

C:\Program Files\Windows Sidebar\Shared Gadgets\sperm catfight hairy .zip.exe

MD5 d8c8c5461863f04c16027abf4584233f
SHA1 9a34df78ffc026236a52784547f36b31365933b8
SHA256 5beba572836cc8552565bf89c3499163f717ea62f3c446a9e4c17f30db822704
SHA512 5fa2ce5009b713c43e47c579401d98a4dffbb61290ee311f39c875ea0f9ac509213eaaaeef55295a0d8dfbcf712a213134671c17c87fc399632748f06d529304

memory/2612-8-0x0000000004890000-0x00000000048B0000-memory.dmp

memory/2520-9-0x0000000000400000-0x0000000000420000-memory.dmp

memory/2388-56-0x0000000000400000-0x0000000000420000-memory.dmp

memory/2612-57-0x0000000004A90000-0x0000000004AB0000-memory.dmp

memory/2448-58-0x0000000000400000-0x0000000000420000-memory.dmp

memory/2520-55-0x00000000047C0000-0x00000000047E0000-memory.dmp

memory/2612-97-0x0000000000400000-0x0000000000420000-memory.dmp

memory/2612-99-0x0000000004890000-0x00000000048B0000-memory.dmp

memory/2520-101-0x0000000000400000-0x0000000000420000-memory.dmp

memory/2520-102-0x00000000047C0000-0x00000000047E0000-memory.dmp

memory/2448-105-0x0000000000400000-0x0000000000420000-memory.dmp

C:\debug.txt

MD5 859275ad25c590dce05595eabbd85745
SHA1 59922c42cfc6ded0eef86aacf7c8f2505765bc83
SHA256 4422c3ba60bf357911cece6c9d0c5b7ea31598b894dd59364946244e14fc6deb
SHA512 3f8470a69bf8e4c656f5121229f00827f9a4bd28599c5db41e57abc5b1fbb3af38cf1c356cb502c743f297474d727fedc9ae1509cfe7ddcc9b3856c28f4b9bf1