Malware Analysis Report

2024-11-30 04:13

Sample ID 240408-bfwk5sca7x
Target c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b
SHA256 c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b
Tags
persistence spyware stealer upx
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b

Threat Level: Known bad

The file c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b was found to be: Known bad.

Malicious Activity Summary

persistence spyware stealer upx

UPX dump on OEP (original entry point)

Detects executables containing possible sandbox analysis VM usernames

UPX packed file

Reads user/profile data of web browsers

Checks computer location settings

Adds Run key to start application

Enumerates connected drives

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

Unsigned PE

Enumerates physical storage devices

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-04-08 01:05

Signatures

UPX dump on OEP (original entry point)

UPX packed file

upx

Unsigned PE

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-08 01:05

Reported

2024-04-08 01:08

Platform

win10v2004-20240226-en

Max time kernel

150s

Max time network

152s

Command Line

"C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

UPX dump on OEP (original entry point)

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe N/A

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe N/A

Enumerates connected drives

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 912 wrote to memory of 1640 N/A C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe
PID 1640 wrote to memory of 4544 N/A C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe
PID 912 wrote to memory of 3308 N/A C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe

Processes

C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe

"C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe"

C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe

"C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe"

C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe

"C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe"

C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe

"C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe"

Network

Country Destination Domain Proto

Files

memory/912-0-0x0000000000400000-0x000000000041E000-memory.dmp

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\trambling nude big castration .mpg.exe

MD5 cc7b7f5ef0a7d455a474f3fb1edccdd0
SHA1 ab04df604840f23440af4b123b343a74641c903d
SHA256 7860fb802b515ec690fe024d241b28f83d3ddf9abff192d44ece049e58b6f2ac
SHA512 d7addab7175e43343bddfe683b9651036d4086498db2f6a73ed3f237c2c48442c50b357041f82b3095ca79f6af27f78ba182f2ffbcb825d8c2a8ac9cf9ea2c1a


Analysis: behavioral1

Detonation Overview

Submitted

2024-04-08 01:05

Reported

2024-04-08 01:08

Platform

win7-20240221-en

Max time kernel

150s

Max time network

153s

Command Line

"C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

Description Indicator Process Target
N/A N/A N/A N/A

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe N/A

Enumerates connected drives

Description Indicator Process Target

Drops file in System32 directory

Description Indicator Process Target

Drops file in Program Files directory

Description Indicator Process Target

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_8c6fc5a7aa8c435d\handjob action big .mpeg.exe C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_a3772de7111797da\fetish hidden (Christine).mpeg.exe C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\cum lesbian uncut upskirt .rar.exe C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe N/A
File created C:\Windows\assembly\tmp\gay lingerie voyeur .zip.exe C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_1412267f4b3bb985\japanese porn animal public lady (Curtney).mpeg.exe C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_6b16fa9f975e1109\tyrkish gay voyeur pregnant .mpeg.exe C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_de-de_5803850b2f40840e\kicking full movie glans .rar.exe C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm_31bf3856ad364e35_6.1.7600.16385_none_5499606faffb3f9f\malaysia trambling hidden legs granny .avi.exe C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ad7c61fb28607522\indian fucking [free] (Ashley,Jade).avi.exe C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_8bc7919d3f36cee7\japanese hardcore blowjob [bangbus] .zip.exe C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_39c9d74ef2ad6c7b\lingerie xxx voyeur gorgeoushorny .avi.exe C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe N/A
File created C:\Windows\winsxs\amd64_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_16a2bb1dbab1c595\horse xxx big femdom .mpeg.exe C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_7bfdfb15e7184c41\gay blowjob full movie 40+ .rar.exe C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\beastiality gang bang hidden nipples fishy .mpg.exe C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_00225053e03f4c04\chinese beastiality cum full movie granny (Sonja).zip.exe C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_0ac4ebfc358e5ec0\african fucking several models .avi.exe C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe N/A
File created C:\Windows\winsxs\amd64_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_dba3691c6002e10e\italian nude catfight YEâPSè& (Tatjana,Anniston).zip.exe C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_3863e9ef3f804dd9\gang bang cum voyeur .rar.exe C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-m..-temptable-provider_31bf3856ad364e35_6.1.7600.16385_none_1dd3ce8d1e7524cd\norwegian fetish [bangbus] vagina (Melissa,Sarah).rar.exe C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_aedaf3947d09fbe5\american animal trambling licking latex .mpg.exe C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe N/A
File created C:\Windows\ServiceProfiles\LocalService\Downloads\kicking several models mistress (Sandy).mpg.exe C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_6f0f7833cb71e18d\german gang bang masturbation high heels (Kathrin).mpg.exe C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_6.1.7600.16385_none_6377027f0030a06a\lingerie action hot (!) .rar.exe C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe N/A
File created C:\Windows\winsxs\amd64_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_39374e2435a71b47\cumshot horse girls sm (Jade,Karin).avi.exe C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_3c93ac15fd731acf\african hardcore several models lady (Britney,Sarah).zip.exe C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\tyrkish gay [bangbus] (Tatjana,Gina).avi.exe C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_293ea1e3e6bc5364\russian handjob licking upskirt .mpeg.exe C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_aea650787d30ed8a\cumshot hot (!) .avi.exe C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe N/A
File created C:\Windows\PLA\Templates\porn [milf] ash sweet .rar.exe C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_d8216ed3d8746200\british action hidden .rar.exe C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\italian horse hidden bondage .mpg.exe C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_97a45841ff925aa0\danish horse several models hotel .mpg.exe C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1340 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe
PID 1340 wrote to memory of 2456 N/A C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe
PID 2624 wrote to memory of 2496 N/A C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe

Processes

C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe

"C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe"

C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe

"C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe"

C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe

"C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe"

C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe

"C:\Users\Admin\AppData\Local\Temp\c18968160bf96813d4bd67afa811a2909c81be3a8d8d906d08fb7d11615d1c7b.exe"

Network

Files

memory/1340-0-0x0000000000400000-0x000000000041E000-memory.dmp

C:\Program Files\Windows Sidebar\Shared Gadgets\african blowjob sleeping nipples .zip.exe

MD5 4751f209ebbd0d0b3a3f95df61332ef9
SHA1 d5d59de348d15bb2b9eabd14fbadcecfd9f0a57e
SHA256 b9b64e403ccac273d04b7a99faa8dc264ffa272199064736bcf72c4522e0dee2
SHA512 60bfeec3bb728107e45ed3c1feef462d7baba623b02e99087315b1a78c0723a1531e1e638f24ab1afb42a9ab1eb0ebb291c7460b9fa112b26d281bcc78f17bc5

C:\debug.txt

MD5 e6bb19d12dcfe95ab7083465653e0b2b
SHA1 0626c65657722a3dd0684f212f48c54aa5124df4
SHA256 b6544e8ba1ea56e7eeb112041d9a7f944483a72198f9eb8e8fe158456801f705
SHA512 9d9d14f17113e19cd69c76779af0e7445f9c9603d5d83bb793aaa61720c3d7b6a64def3b07aa4870f5f3a668bc1259f3ed25ec5f79f4259129bfaf1f3a5b0a80
