Malware Analysis Report

2024-11-15 06:07

Sample ID: 240407-ydg2asch92
Target: 2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc
SHA256: 2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc
Tags: persistence spyware stealer upx
Score: 10/10

Table of Contents

Analysis Overview
MITRE ATT&CK
    Enterprise Matrix V15
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score: 10/10

SHA256: 2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc

Threat Level: Known bad

The file 2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc was found to be: Known bad.

Malicious Activity Summary

persistence spyware stealer upx

UPX dump on OEP (original entry point)

Detects executables containing possible sandbox analysis VM usernames

Reads user/profile data of web browsers

UPX packed file

Checks computer location settings

Adds Run key to start application

Enumerates connected drives

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

Enumerates physical storage devices

Unsigned PE

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-04-07 19:40

Signatures

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-07 19:40

Reported

2024-04-07 19:42

Platform

win10v2004-20240226-en

Max time kernel

150s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

Description Indicator Process Target
N/A N/A N/A N/A

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\config\systemprofile\gay hidden hairy .zip.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\lingerie several models wifey .mpeg.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\SysWOW64\IME\SHARED\bukkake sleeping stockings .avi.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\blowjob licking blondie (Ashley,Janette).rar.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\danish handjob gay big cock .mpeg.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\norwegian trambling catfight (Curtney).zip.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\russian porn horse hidden hole (Kathrin,Sarah).rar.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\swedish cum sperm catfight circumcision .mpeg.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\fucking uncut feet .rar.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\System32\DriverStore\Temp\lingerie [bangbus] cock bedroom .zip.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\SysWOW64\IME\SHARED\fucking uncut cock sweet .mpeg.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\System32\LogFiles\Fax\Incoming\american horse bukkake public bondage .mpeg.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\dotnet\shared\lingerie licking titts .rar.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\russian kicking xxx girls (Samantha).avi.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\xxx [milf] 50+ (Jenna,Sylvia).mpeg.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\horse voyeur titts .avi.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Program Files (x86)\Google\Temp\black action lesbian big boots .avi.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Program Files (x86)\Google\Update\Download\trambling voyeur titts upskirt .rar.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\tyrkish animal sperm full movie .rar.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Program Files\Common Files\microsoft shared\fucking uncut feet wifey .mpg.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\trambling [milf] glans traffic (Jade).zip.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Program Files\Microsoft Office\root\Templates\black action blowjob hidden (Samantha).zip.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\italian gang bang blowjob full movie mistress .mpg.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\beast [free] ejaculation (Sonja,Samantha).avi.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Program Files\Microsoft Office\Updates\Download\hardcore [bangbus] (Jade).avi.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Program Files\Windows Sidebar\Shared Gadgets\bukkake sleeping beautyfull .rar.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\blowjob full movie young .mpg.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\danish kicking beast several models ejaculation (Kathrin,Karin).rar.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\horse girls cock .mpeg.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\swedish nude sperm masturbation .zip.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..ty-kerbclientshared_31bf3856ad364e35_10.0.19041.1_none_97e9c0335b4cd39a\spanish sperm full movie .mpg.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5021dd18efc0460c\brasilian porn lesbian girls .zip.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.264_none_cb389cf57d74d691\nude xxx full movie hole granny .mpg.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\ServiceProfiles\LocalService\Downloads\xxx hot (!) hole upskirt .mpg.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.964_none_1c1a193f5bfcf136\spanish sperm masturbation femdom .rar.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-t..ervices-tsfairshare_31bf3856ad364e35_10.0.19041.1_none_e32b64807ab11fd2\asian fucking full movie glans .rar.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.928_none_33e0d5558cdd7c61\chinese trambling [bangbus] (Sarah).rar.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.1202_none_621728fcd3c9d5f6\kicking fucking masturbation (Samantha).zip.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\assembly\temp\indian animal xxx uncut lady .mpg.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_10.0.19041.1_es-es_64c107d8bb3ade94\xxx [milf] mistress .rar.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1202_none_e2f5ebbcec2d8fca\norwegian gay hidden wifey .avi.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..mon-sharedresources_31bf3856ad364e35_10.0.19041.1_none_5417ea1f38dbb76b\trambling lesbian femdom .avi.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-update-upshared_31bf3856ad364e35_10.0.19041.84_none_85259eff919b7c9e\fucking sleeping .rar.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_it-it_56adcc94becfef03\cum lesbian big beautyfull (Britney,Curtney).mpg.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.1_none_d12f2a9a88909fc2\canadian bukkake [bangbus] shower (Christine,Samantha).zip.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_es-es_bf79b5fcc06b3128\african bukkake [bangbus] glans mistress (Samantha).rar.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_b1ffa0e7b4ed03e2\animal fucking hot (!) hole hairy .rar.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-composable-sharepicker_31bf3856ad364e35_10.0.19041.1_none_c87e96327faffd0e\beastiality blowjob voyeur bedroom .mpg.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..ces-ime-eashared-lm_31bf3856ad364e35_10.0.19041.1_none_3d0229d17c310f10\malaysia fucking big feet .avi.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\assembly\tmp\black porn blowjob public balls .avi.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\sperm girls .avi.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedpc-sharedpccsp_31bf3856ad364e35_10.0.19041.1_none_24f622f1fc5a3f3c\blowjob [bangbus] .mpg.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\Downloaded Program Files\hardcore uncut feet .mpeg.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_it-it_72a319bf8ee74a9b\fucking full movie pregnant (Gina,Sylvia).zip.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.1_none_b6514808f7d87b1a\russian nude horse big .rar.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\WinSxS\x86_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_10.0.19041.1_none_a723631dce180fe0\brasilian nude horse catfight feet YEâPSè& .rar.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\security\templates\indian action lesbian sleeping bedroom (Anniston,Curtney).mpeg.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_10.0.19041.1_none_bd731e5b85dd203e\sperm licking YEâPSè& .avi.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_en-us_e5f85095c4bc5d16\asian hardcore full movie bedroom (Ashley,Sylvia).rar.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.1_none_9aa486d790131d4e\indian nude sperm uncut YEâPSè& .rar.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_e79b400a6df5fd2c\german fucking big hole .zip.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_10.0.19041.207_none_e2f2dfeea7fa44fc\asian horse voyeur glans shoes .mpg.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.1_none_a80cea873b2a6772\beastiality horse hot (!) .zip.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.1_none_c6da8048542fddc7\black fetish lesbian [bangbus] (Samantha).mpeg.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_62312bfbb33d478a\norwegian xxx lesbian glans .mpeg.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\WinSxS\msil_microsoft.powershel..filedownloadmanager_31bf3856ad364e35_10.0.19041.1_none_cb69bad627df9263\fucking hot (!) mature .mpeg.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\indian horse horse [free] titts .avi.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\SoftwareDistribution\Download\SharedFileCache\tyrkish action lesbian hidden young .mpeg.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.844_none_57eddd48e7a74274\xxx uncut .zip.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-u..ell-sharedutilities_31bf3856ad364e35_10.0.19041.1_none_813610a8a9b59e0a\african beast voyeur (Curtney).zip.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.746_none_d01527cffa9c25bc\cum fucking big 50+ .rar.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\WinSxS\amd64_netfx-aspnet-sharedcomponents_b03f5f7f11d50a3a_4.0.19041.1_none_47ca94859da20b28\malaysia hardcore sleeping titts ejaculation (Karin).rar.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-sharedaccess_31bf3856ad364e35_10.0.19041.1_none_c513167c1d0a90dd\russian handjob gay voyeur .mpeg.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-t..boration-sharer-api_31bf3856ad364e35_10.0.19041.84_none_cee95e04c201c860\norwegian hardcore hidden .mpg.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\bukkake lesbian .rar.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.1_none_f3b35d713ce0fc7f\american cumshot xxx [free] hole (Ashley,Tatjana).avi.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.572_none_d9e58b774d1b6e80\spanish lingerie lesbian .avi.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-security-ntlmshared_31bf3856ad364e35_10.0.19041.1_none_7d9dab4e456449b1\horse big ash .mpeg.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.1_none_a4f93129c473df49\chinese sperm voyeur titts hotel .mpg.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\WinSxS\x86_microsoft-windows-m..-temptable-provider_31bf3856ad364e35_10.0.19041.1_none_77cfea69a421a4a1\cum xxx licking hole .rar.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.1_none_2fe79eae2833b9b1\swedish gang bang horse full movie cock .avi.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.746_none_2610450c30b37cc4\russian kicking xxx sleeping fishy .mpg.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.746_none_2212358fc33cc10f\african xxx uncut glans .avi.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-s..ty-kerbclientshared_31bf3856ad364e35_10.0.19041.1_none_a23e6a858fad9595\canadian xxx several models bedroom .mpeg.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\mssrv.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1_none_3cfd44d351b1a8ab\malaysia beast big .zip.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.906_none_f962ab5f47e1e896\french beast [free] glans ejaculation .rar.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-u..ell-sharedutilities_31bf3856ad364e35_10.0.19041.546_none_a93e4a2569276206\malaysia hardcore licking titts granny (Curtney).zip.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..templates.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_3058d81cfd5218f2\trambling sleeping hole mistress .avi.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\SystemResources\Windows.UI.ShellCommon\SharePickerUI\japanese nude hardcore lesbian sm (Sandy,Samantha).mpg.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_en-us_ca03036af4a5017e\malaysia blowjob masturbation glans .rar.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\SoftwareDistribution\Download\russian kicking beast [bangbus] cock hotel .zip.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\WinSxS\x86_netfx-shared_registry_whidbey_31bf3856ad364e35_10.0.19041.1_none_c049dbdb4e15bdd2\kicking xxx big ejaculation .mpg.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\black beastiality horse uncut fishy .rar.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4664 wrote to memory of 3148 N/A C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe
PID 3148 wrote to memory of 3092 N/A C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe
PID 4664 wrote to memory of 1632 N/A C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe

Processes

C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe

"C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe"

C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe

"C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe"

C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe

"C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe"

C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe

"C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe"

Network

Country Destination Domain Proto

Files

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\italian gang bang blowjob full movie mistress .mpg.exe

MD5 b292795233b84c211c5368ccb0bd6979
SHA1 34a5890e795c14f80441768e763fdb9b9fa761bd
SHA256 774c772414b5f10d525f35d9a4231dda1c615df6eb9b8498cd86059dd339765f
SHA512 097cadcc4e735f15e86bd8f5c0a7e3e790bb96f195904231866edf1a3f95c16b1f31dfbd7e9dae1f60b4f2e661c6cd274970382d8890440024146d4361204297


Analysis: behavioral1

Detonation Overview

Submitted

2024-04-07 19:40

Reported

2024-04-07 19:42

Platform

win7-20240221-en

Max time kernel

150s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

Description Indicator Process Target
N/A N/A N/A N/A

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\Temp\danish cumshot beast [bangbus] feet YEâPSè& (Tatjana).zip.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\british lesbian voyeur beautyfull .mpeg.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\SysWOW64\IME\shared\lingerie uncut latex .rar.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\black gang bang beast girls balls (Sonja,Sylvia).mpeg.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\tyrkish action horse public .mpg.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\SysWOW64\IME\shared\american nude beast hot (!) hole Ôë .avi.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\japanese beastiality gay [bangbus] glans black hairunshaved .rar.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\russian fetish gay hot (!) .rar.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\System32\LogFiles\Fax\Incoming\tyrkish porn fucking several models hole stockings .zip.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\sperm catfight feet hairy (Janette).zip.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Google\Update\Download\lesbian licking cock .avi.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\horse lesbian .mpg.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\xxx big (Samantha).mpg.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\american horse horse [milf] titts .avi.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\black gang bang fucking voyeur gorgeoushorny .avi.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\tyrkish kicking beast girls traffic .rar.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Program Files\Windows Sidebar\Shared Gadgets\danish animal horse [milf] ìï .avi.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\horse lesbian cock .mpg.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Program Files\DVD Maker\Shared\brasilian cum lesbian big feet blondie (Curtney).zip.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Program Files\Windows Journal\Templates\lingerie hot (!) hole ejaculation (Jade).avi.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\sperm sleeping (Liz).zip.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Program Files (x86)\Google\Temp\black horse lingerie several models 50+ (Britney,Sarah).avi.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Templates\brasilian nude lesbian hot (!) YEâPSè& .rar.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\danish kicking beast sleeping hole .avi.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\trambling catfight (Tatjana).rar.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\assembly\tmp\fucking masturbation cock femdom (Curtney).rar.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_97a45841ff925aa0\bukkake full movie latex .mpeg.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_3c93ac15fd731acf\xxx hot (!) .avi.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_de-de_b4aea777fe683838\beastiality blowjob public (Tatjana).mpg.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_6.1.7600.16385_none_6377027f0030a06a\indian gang bang trambling licking feet leather .avi.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\winsxs\amd64_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_16a2bb1dbab1c595\gay uncut cock redhair .mpeg.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_965db382b6fef5cb\sperm masturbation (Janette).avi.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_cd2006602e5ee22e\nude fucking [milf] castration .rar.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\cum hardcore [milf] redhair .avi.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\brasilian cumshot blowjob [milf] hole .mpeg.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_d81c96999f75bd77\bukkake [bangbus] (Liz).avi.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_f3c374fc18118ca2\horse lesbian [bangbus] feet traffic .avi.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\mssrv.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0993a1b8823a4e79\spanish gay lesbian titts .mpeg.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_d8216ed3d8746200\kicking lingerie full movie black hairunshaved .mpg.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\xxx [free] 50+ .zip.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\ServiceProfiles\NetworkService\Downloads\gay girls feet .zip.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_3b85bcbe4734e96a\french xxx hidden cock girly (Curtney).rar.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_b7f38afb92de484f\lingerie licking (Karin).mpg.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ea4a469ab7713182\african hardcore [free] 50+ .mpeg.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\american cum horse licking .rar.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\security\templates\lesbian masturbation .zip.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8bfc34b93f0fdd42\brasilian handjob horse several models (Sarah).avi.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\winsxs\InstallTemp\russian gang bang gay full movie cock sm .avi.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp\bukkake full movie .avi.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\danish fetish xxx [milf] titts upskirt .mpg.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_657d9a203abeb154\sperm [milf] castration .mpg.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_en-us_00f45b041e1e8fd3\chinese xxx lesbian ash (Anniston,Karin).mpeg.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_8bc7919d3f36cee7\cum beast catfight cock black hairunshaved .mpeg.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\ServiceProfiles\LocalService\Downloads\tyrkish handjob lesbian masturbation bedroom (Ashley,Samantha).mpg.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_65b23d3c3a97bfaf\french hardcore several models glans .mpg.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_it-it_18a6fde3093acac7\nude sperm voyeur glans .mpg.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\swedish kicking blowjob hidden traffic (Gina,Jade).mpg.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\black kicking trambling [bangbus] (Sarah).rar.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\winsxs\amd64_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_a945e2c500c90142\beast hot (!) blondie .avi.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_60a2cbbf935c42b4\russian beastiality fucking voyeur titts (Britney,Tatjana).rar.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_515dc677700303ec\russian cumshot sperm sleeping .mpeg.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_387a16fe7addf3b6\asian sperm licking swallow .avi.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_94828572f7ddbf0f\beastiality lingerie sleeping .avi.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_4fe2107fd06efdd8\animal horse [bangbus] (Sylvia).zip.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_6f0f7833cb71e18d\russian animal sperm masturbation feet .zip.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_a3772de7111797da\indian fetish blowjob voyeur glans boots .mpeg.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_98b24799b5d08c05\hardcore uncut young .mpeg.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_de-de_e30b5ec05031d17d\german beast licking leather .zip.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm_31bf3856ad364e35_6.1.7600.16385_none_5499606faffb3f9f\german xxx sleeping titts hotel (Janette).mpg.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_f25d066604c2ad34\black action lingerie [bangbus] glans YEâPSè& .rar.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\swedish kicking xxx uncut stockings .avi.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\hardcore lesbian hotel .mpg.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0af98f1835676d1b\beastiality hardcore lesbian titts hotel .mpeg.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_3863e9ef3f804dd9\american fetish lingerie big hole YEâPSè& .avi.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\winsxs\x86_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_7f84cd98a7a56fd8\italian kicking lesbian voyeur (Jade).mpeg.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\danish horse hardcore catfight hole penetration .zip.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5d9f7d70ed4643fd\horse trambling catfight femdom .rar.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_00225053e03f4c04\japanese gang bang bukkake [free] castration (Kathrin,Sylvia).zip.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\winsxs\x86_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_664dbffec8693dfe\french lesbian several models gorgeoushorny .rar.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_es-es_5d6ada54ed6d35a2\danish action lesbian sleeping glans .zip.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_ddab3bcb3a4ffb45\action sperm sleeping titts .mpg.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_6.1.7600.16385_none_8419660d1cc97b24\japanese gang bang sperm uncut titts shoes (Samantha).mpeg.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_f0ca3430257ea13f\british sperm full movie .avi.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\beast girls latex (Christine,Liz).mpeg.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\assembly\temp\bukkake [free] titts .zip.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_0835101f2d90c7b6\russian nude bukkake sleeping titts .avi.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_1412267f4b3bb985\italian handjob sperm sleeping cock leather (Sylvia).mpeg.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
File created C:\Windows\winsxs\amd64_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_c26c5b8280c6af34\hardcore several models titts .rar.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
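The rows above show a single process writing executables named like media or archive files (.avi.exe, .mpg.exe, .zip.exe, .rar.exe) into WinSxS, the GAC, service-profile folders and Program Files, a drop pattern used by self-replicating malware that depends on someone opening a lure file. The Python below is an added example, not part of this report or of any sandbox's code: it parses rows in the report's "File created <path> <process> N/A" layout, flags double-extension lures, classifies where each file landed and gives a simple verdict. The sample rows are constructed: the directories mirror ones in the table, the file names are neutral stand-ins and the process path is shortened.

```python
import re
from collections import Counter

# Constructed sample rows in the report's "File created <path> <process> N/A" layout.
# Directories mirror the table above; lure names and the short process path are
# stand-ins (assumptions), not data from the report.
SAMPLE_ROWS = [
    r"File created C:\Windows\winsxs\InstallTemp\holiday video (Sarah).avi.exe C:\Users\Admin\AppData\Local\Temp\sample.exe N/A",
    r"File created C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8bfc34b93f0fdd42\concert full movie .mpg.exe C:\Users\Admin\AppData\Local\Temp\sample.exe N/A",
    r"File created C:\Windows\assembly\temp\family photos [free] .zip.exe C:\Users\Admin\AppData\Local\Temp\sample.exe N/A",
    r"File created C:\Windows\ServiceProfiles\LocalService\Downloads\lecture recording (Ashley,Samantha).mpeg.exe C:\Users\Admin\AppData\Local\Temp\sample.exe N/A",
    r"File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\wedding clips .rar.exe C:\Users\Admin\AppData\Local\Temp\sample.exe N/A",
    r"File created C:\Windows\security\templates\readme.txt C:\Users\Admin\AppData\Local\Temp\sample.exe N/A",
    r"File created C:\Windows\Temp\broken-row.exe N/A",  # malformed: no process column
]

# A media/archive extension immediately followed by .exe: the double-extension lure.
LURE_EXT = re.compile(r"\.(avi|mpe?g|wmv|mp4|rar|zip)\.exe$", re.IGNORECASE)

# Most specific prefixes first; "windows-other" must stay after the other C:\Windows entries.
DROP_ZONES = [
    ("winsxs", "c:\\windows\\winsxs\\"),
    ("gac", "c:\\windows\\assembly\\"),
    ("serviceprofiles", "c:\\windows\\serviceprofiles\\"),
    ("security-templates", "c:\\windows\\security\\"),
    ("windows-other", "c:\\windows\\"),
    ("program-files", "c:\\program files"),
]


def parse_row(row):
    """Split one 'File created' row into (dropped_path, process_path).

    The dropped path itself contains spaces, so the split is made at the last
    ' C:\\' in the row, which is where the process column begins.
    """
    if not row.startswith("File created ") or not row.endswith(" N/A"):
        return None
    body = row[len("File created "):-len(" N/A")]
    cut = body.rfind(" C:\\")
    if cut < 0:
        return None
    return body[:cut], body[cut + 1:]


def classify(path):
    """Name the drop zone by longest-matching prefix, 'other' if none applies."""
    low = path.lower()
    for name, prefix in DROP_ZONES:
        if low.startswith(prefix):
            return name
    return "other"


def is_lure(path):
    return LURE_EXT.search(path) is not None


def summarize(rows):
    """Count rows, lures, drop zones, lure extensions and writing processes."""
    out = {"total": 0, "lures": 0, "zones": Counter(),
           "lure_exts": Counter(), "processes": Counter()}
    for row in rows:
        parsed = parse_row(row)
        if parsed is None:
            continue
        dropped, proc = parsed
        out["total"] += 1
        out["zones"][classify(dropped)] += 1
        out["processes"][proc] += 1
        m = LURE_EXT.search(dropped)
        if m:
            out["lures"] += 1
            out["lure_exts"][m.group(1).lower()] += 1
    return out


def verdict(summary, min_lures=3):
    """Heuristic: several double-extension lures spread over more than one
    system or share-like directory by one process reads as self-replication."""
    system_zones = {z for z in summary["zones"] if z != "other"}
    return summary["lures"] >= min_lures and len(system_zones) >= 2


if __name__ == "__main__":
    s = summarize(SAMPLE_ROWS)
    print(s["total"], "rows,", s["lures"], "lures, zones:", dict(s["zones"]))
    print("self-replicating drop pattern:", verdict(s))
```

The split at the last " C:\" is the fragile part of any parser for this layout; it holds as long as a dropped file name never contains that sequence, which is true for every row in this report but should be checked before trusting it on other reports.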

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2072 wrote to memory of 1732 N/A C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe
PID 2072 wrote to memory of 1732 N/A C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe
PID 2072 wrote to memory of 1732 N/A C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe
PID 2072 wrote to memory of 1732 N/A C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe
PID 1732 wrote to memory of 2356 N/A C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe
PID 1732 wrote to memory of 2356 N/A C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe
PID 1732 wrote to memory of 2356 N/A C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe
PID 1732 wrote to memory of 2356 N/A C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe
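Read as a chain, the rows above say PID 2072 wrote into PID 1732 and PID 1732 then wrote into PID 2356, with the same executable on both sides of every write and four identical rows per pair (repeated events, not four different targets). The Python below is an added example, not part of this report: it rebuilds that chain from rows in the table's "PID <src> wrote to memory of <dst> N/A <process> <target>" layout, collapses the repeats into counts and lists the edges where a process writes into another copy of its own image. The rows are transcribed from the table above with the sample's full path.

```python
import re
from collections import Counter, defaultdict

# Rows transcribed from the WriteProcessMemory table above (duplicates kept on purpose).
SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe"
ROWS = ([f"PID 2072 wrote to memory of 1732 N/A {SAMPLE} {SAMPLE}"] * 4
        + [f"PID 1732 wrote to memory of 2356 N/A {SAMPLE} {SAMPLE}"] * 4)

ROW_RE = re.compile(r"^PID (\d+) wrote to memory of (\d+) N/A (.+)$")


def parse_rows(rows):
    """Return ({(src_pid, dst_pid): count}, {(src_pid, dst_pid): (src_image, dst_image)})."""
    edges = Counter()
    images = {}
    for row in rows:
        m = ROW_RE.match(row)
        if not m:
            continue
        src, dst, rest = int(m.group(1)), int(m.group(2)), m.group(3)
        # Both image paths contain spaces in general; the target path starts at the last ' C:\'.
        cut = rest.rfind(" C:\\")
        if cut < 0:
            continue
        edges[(src, dst)] += 1
        images[(src, dst)] = (rest[:cut], rest[cut + 1:])
    return edges, images


def injection_chains(edges):
    """Follow write edges from every PID that is never itself written to.

    Returns ordered PID lists, one per leaf, so a linear hand-off shows up as a
    single chain. A cycle is reported once and not followed further.
    """
    children = defaultdict(list)
    targets = set()
    for src, dst in edges:
        children[src].append(dst)
        targets.add(dst)
    roots = sorted({src for src, _ in edges} - targets)
    chains = []

    def walk(pid, path):
        path = path + [pid]
        if not children.get(pid):
            chains.append(path)
            return
        for nxt in sorted(children[pid]):
            if nxt in path:
                chains.append(path + [nxt])
            else:
                walk(nxt, path)

    for root in roots:
        walk(root, [])
    return chains


def self_image_writes(images):
    """Edges whose writer and target run the same executable: a sample
    relaunching itself and writing into the new copy."""
    return [edge for edge, (s, d) in images.items() if s.lower() == d.lower()]


if __name__ == "__main__":
    edges, images = parse_rows(ROWS)
    for edge, n in edges.items():
        print(f"{edge[0]} -> {edge[1]}: {n} write events")
    print("chains:", injection_chains(edges))
    print("self-image writes:", self_image_writes(images))
```

The chain this yields, 2072 -> 1732 -> 2356, is the process lineage to pivot on in the memory dumps under Files: each of those three PIDs has a dump of the same 0x400000-0x41E000 range.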

Processes

C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe

"C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe"

C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe

"C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe"

C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe

"C:\Users\Admin\AppData\Local\Temp\2aaef3239fcf003eab5a4d5da1b2f52c5bf570f53108e5cadf4da956cfeac8bc.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 105.109.37.189.in-addr.arpa udp
US 8.8.8.8:53 228.57.13.36.in-addr.arpa udp
US 8.8.8.8:53 145.93.26.67.in-addr.arpa udp
US 8.8.8.8:53 176.2.196.107.in-addr.arpa udp
US 8.8.8.8:53 74.12.91.171.in-addr.arpa udp
US 8.8.8.8:53 244.44.10.238.in-addr.arpa udp
US 8.8.8.8:53 251.112.188.217.in-addr.arpa udp
US 8.8.8.8:53 78.242.73.39.in-addr.arpa udp
US 8.8.8.8:53 118.170.164.67.in-addr.arpa udp
US 8.8.8.8:53 43.132.89.211.in-addr.arpa udp
US 8.8.8.8:53 3.23.19.205.in-addr.arpa udp
US 8.8.8.8:53 94.72.50.41.in-addr.arpa udp
US 8.8.8.8:53 215.177.200.143.in-addr.arpa udp
US 8.8.8.8:53 251.245.140.100.in-addr.arpa udp
US 8.8.8.8:53 132.228.24.27.in-addr.arpa udp
US 8.8.8.8:53 187.233.47.104.in-addr.arpa udp
US 8.8.8.8:53 44.77.41.131.in-addr.arpa udp
US 8.8.8.8:53 199.233.222.235.in-addr.arpa udp
US 8.8.8.8:53 41.184.37.27.in-addr.arpa udp
US 8.8.8.8:53 19.187.164.218.in-addr.arpa udp
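Every entry in the network table is a reverse (PTR) lookup sent to 8.8.8.8; the address being resolved is the in-addr.arpa label with its octets reversed, so 105.109.37.189.in-addr.arpa asks about 189.37.109.105. The Python below is an added example, not part of this report: it turns the rows above back into addresses, counts how many unrelated /8 prefixes they span and checks for addresses that no ordinary host would ever reverse-resolve. Run on the report's 20 rows it shows two of the queried addresses (238.10.44.244 and 235.222.233.199) fall in the multicast range, which suggests the sample generates addresses rather than learning them from real connections; that reading is an inference, the report itself states only the queries.

```python
import ipaddress
import re
from collections import Counter

# The 20 rows of the network table above, in the report's "Country Destination Domain Proto" layout.
ROWS = [
    "US 8.8.8.8:53 105.109.37.189.in-addr.arpa udp",
    "US 8.8.8.8:53 228.57.13.36.in-addr.arpa udp",
    "US 8.8.8.8:53 145.93.26.67.in-addr.arpa udp",
    "US 8.8.8.8:53 176.2.196.107.in-addr.arpa udp",
    "US 8.8.8.8:53 74.12.91.171.in-addr.arpa udp",
    "US 8.8.8.8:53 244.44.10.238.in-addr.arpa udp",
    "US 8.8.8.8:53 251.112.188.217.in-addr.arpa udp",
    "US 8.8.8.8:53 78.242.73.39.in-addr.arpa udp",
    "US 8.8.8.8:53 118.170.164.67.in-addr.arpa udp",
    "US 8.8.8.8:53 43.132.89.211.in-addr.arpa udp",
    "US 8.8.8.8:53 3.23.19.205.in-addr.arpa udp",
    "US 8.8.8.8:53 94.72.50.41.in-addr.arpa udp",
    "US 8.8.8.8:53 215.177.200.143.in-addr.arpa udp",
    "US 8.8.8.8:53 251.245.140.100.in-addr.arpa udp",
    "US 8.8.8.8:53 132.228.24.27.in-addr.arpa udp",
    "US 8.8.8.8:53 187.233.47.104.in-addr.arpa udp",
    "US 8.8.8.8:53 44.77.41.131.in-addr.arpa udp",
    "US 8.8.8.8:53 199.233.222.235.in-addr.arpa udp",
    "US 8.8.8.8:53 41.184.37.27.in-addr.arpa udp",
    "US 8.8.8.8:53 19.187.164.218.in-addr.arpa udp",
]

PTR_RE = re.compile(r"^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.in-addr\.arpa$", re.IGNORECASE)


def ptr_to_ip(name):
    """Map an IPv4 in-addr.arpa name back to dotted-quad form, or None if malformed."""
    m = PTR_RE.match(name.rstrip("."))
    if not m:
        return None
    octets = [int(o) for o in m.groups()][::-1]  # labels are in reverse octet order
    if any(o > 255 for o in octets):
        return None
    return ".".join(map(str, octets))


def parse_rows(rows):
    """Return (resolver, queried_ip, proto) for every row that is a valid PTR query."""
    out = []
    for row in rows:
        parts = row.split()
        if len(parts) != 4:
            continue
        _country, dest, qname, proto = parts
        ip = ptr_to_ip(qname)
        if ip:
            out.append((dest, ip, proto))
    return out


def profile(rows, min_queries=10, min_prefixes=8):
    """Summarize PTR activity and flag a burst of lookups across unrelated /8s.

    Thresholds are assumptions for illustration; tune them to the host's baseline.
    """
    recs = parse_rows(rows)
    ips = [ipaddress.ip_address(ip) for _, ip, _ in recs]
    first_octets = Counter(ip.packed[0] for ip in ips)
    multicast = [str(ip) for ip in ips if ip.is_multicast]
    return {
        "queries": len(ips),
        "distinct_first_octets": len(first_octets),
        "multicast_targets": multicast,
        "resolvers": dict(Counter(d for d, _, _ in recs)),
        "suspicious": len(ips) >= min_queries and len(first_octets) >= min_prefixes,
    }


if __name__ == "__main__":
    p = profile(ROWS)
    print(f"{p['queries']} PTR queries over {p['distinct_first_octets']} /8 prefixes")
    print("multicast targets:", p["multicast_targets"])
    print("suspicious:", p["suspicious"])
```

On a workstation, reverse lookups normally follow real connections; a burst of PTR queries for addresses spread over most of the IPv4 space, with no matching outbound traffic in the table, is the pattern to alert on, and the multicast hits make a false positive unlikely here.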

Files

memory/2072-0-0x0000000000400000-0x000000000041E000-memory.dmp

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\danish kicking beast sleeping hole .avi.exe

MD5 9f813cd0857f160453aab503c2f4d648
SHA1 37772becc543c08a6e35a3e46e625d34e693b712
SHA256 76c5df41e8608eb94f76df3ecc2d3697668ba95de30653c27b3e8fc386442f09
SHA512 62b5207bc5b56cc274943362a5023913588c250d4416eeea73375446c65c758793ad6e28b0a5f88cb15d12ecea6193992021cc8b34a675bf96aefc39afbdd6e5

memory/2356-49-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2072-82-0x0000000000400000-0x000000000041E000-memory.dmp

memory/1732-83-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2356-84-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2072-85-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2072-86-0x0000000000400000-0x000000000041E000-memory.dmp

memory/1732-89-0x0000000001FD0000-0x0000000001FEE000-memory.dmp

memory/2072-91-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2072-94-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2072-107-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2072-110-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2072-113-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2072-116-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2072-121-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2072-124-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2072-127-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2072-130-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2072-133-0x0000000000400000-0x000000000041E000-memory.dmp

memory/2072-142-0x0000000000400000-0x000000000041E000-memory.dmp
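The dump names above encode PID, a sequence index and the dumped address range. Read together they show the same 0x400000-0x41E000 range (0x1E000 bytes, the sample's mapped image) in all three PIDs from the WriteProcessMemory chain, plus one extra region in PID 1732, 0x1FD0000-0x1FEE000, whose size is also exactly 0x1E000. A private allocation of exactly image size in the process that goes on to write into PID 2356 is what a staged copy of the unpacked image would look like; the report does not say that, so treat it as the lead to check in the dump, not a finding. The Python below is an added example, not part of this report: it parses the 20 names listed above, collapses repeated dumps of one region, finds the region common to every process and picks out any other region of the same size.

```python
import re
from collections import defaultdict

# The 20 dump names listed under Files in this report.
DUMP_NAMES = [
    "memory/2072-0-0x0000000000400000-0x000000000041E000-memory.dmp",
    "memory/2356-49-0x0000000000400000-0x000000000041E000-memory.dmp",
    "memory/2072-82-0x0000000000400000-0x000000000041E000-memory.dmp",
    "memory/1732-83-0x0000000000400000-0x000000000041E000-memory.dmp",
    "memory/2356-84-0x0000000000400000-0x000000000041E000-memory.dmp",
    "memory/2072-85-0x0000000000400000-0x000000000041E000-memory.dmp",
    "memory/2072-86-0x0000000000400000-0x000000000041E000-memory.dmp",
    "memory/1732-89-0x0000000001FD0000-0x0000000001FEE000-memory.dmp",
    "memory/2072-91-0x0000000000400000-0x000000000041E000-memory.dmp",
    "memory/2072-94-0x0000000000400000-0x000000000041E000-memory.dmp",
    "memory/2072-107-0x0000000000400000-0x000000000041E000-memory.dmp",
    "memory/2072-110-0x0000000000400000-0x000000000041E000-memory.dmp",
    "memory/2072-113-0x0000000000400000-0x000000000041E000-memory.dmp",
    "memory/2072-116-0x0000000000400000-0x000000000041E000-memory.dmp",
    "memory/2072-121-0x0000000000400000-0x000000000041E000-memory.dmp",
    "memory/2072-124-0x0000000000400000-0x000000000041E000-memory.dmp",
    "memory/2072-127-0x0000000000400000-0x000000000041E000-memory.dmp",
    "memory/2072-130-0x0000000000400000-0x000000000041E000-memory.dmp",
    "memory/2072-133-0x0000000000400000-0x000000000041E000-memory.dmp",
    "memory/2072-142-0x0000000000400000-0x000000000041E000-memory.dmp",
]

DUMP_RE = re.compile(r"^memory/(\d+)-(\d+)-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp$")


def parse_dump_name(name):
    """Return (pid, index, start, end) for a dump name, or None if it does not parse
    or describes an empty range."""
    m = DUMP_RE.match(name)
    if not m:
        return None
    pid, idx = int(m.group(1)), int(m.group(2))
    start, end = int(m.group(3), 16), int(m.group(4), 16)
    if end <= start:
        return None
    return pid, idx, start, end


def dump_counts(names):
    """How many dumps were taken of each PID (repeats included)."""
    counts = defaultdict(int)
    for n in names:
        p = parse_dump_name(n)
        if p:
            counts[p[0]] += 1
    return dict(counts)


def regions_by_pid(names):
    """{pid: {(start, end), ...}} with repeated dumps of one region collapsed."""
    out = defaultdict(set)
    for n in names:
        p = parse_dump_name(n)
        if p:
            out[p[0]].add((p[2], p[3]))
    return dict(out)


def shared_regions(by_pid):
    """Regions dumped from every process: the mapping they all have in common."""
    sets = list(by_pid.values())
    return set.intersection(*sets) if sets else set()


def same_size_private_regions(by_pid):
    """Regions outside the shared mapping whose size equals a shared region's size,
    the candidate staging buffers to examine next."""
    shared = shared_regions(by_pid)
    hits = []
    for pid, regs in sorted(by_pid.items()):
        for start, end in sorted(regs):
            if (start, end) in shared:
                continue
            if any(end - start == s_end - s_start for s_start, s_end in shared):
                hits.append((pid, start, end))
    return hits


if __name__ == "__main__":
    by_pid = regions_by_pid(DUMP_NAMES)
    print("dumps per PID:", dump_counts(DUMP_NAMES))
    for s, e in sorted(shared_regions(by_pid)):
        print(f"shared region 0x{s:X}-0x{e:X} ({e - s:#x} bytes)")
    for pid, s, e in same_size_private_regions(by_pid):
        print(f"PID {pid}: private region 0x{s:X}-0x{e:X} has the same size as the image")
```

The dump of 0x1FD0000-0x1FEE000 from PID 1732 is the one to open first: if it carries a PE header its image matches the 0x1E000-byte mapping the sample runs from, and that plus the write into PID 2356 would explain how the chain above propagates.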