Malware Analysis Report

2025-08-06 00:45

Sample ID 240403-w2h76agh5w
Target 091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5
SHA256 091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5
Tags
upx persistence spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5

Threat Level: Known bad

The file 091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5 was found to be: Known bad.

Malicious Activity Summary

upx persistence spyware stealer

UPX dump on OEP (original entry point)

Detects executables containing possible sandbox analysis VM usernames

Checks computer location settings

Reads user/profile data of web browsers

UPX packed file

Enumerates connected drives

Adds Run key to start application

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

Unsigned PE

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-04-03 18:24

Signatures

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-03 18:24

Reported

2024-04-03 18:27

Platform

win7-20240221-en

Max time kernel

150s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

Description Indicator Process Target
N/A N/A N/A N/A

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\config\systemprofile\nude gay catfight .avi.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\asian lesbian uncut circumcision (Britney,Jenna).mpg.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\System32\DriverStore\Temp\action public nipples .mpeg.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\american cumshot lesbian licking hole black hairunshaved (Sandy,Sylvia).mpg.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\SysWOW64\IME\shared\french nude full movie beautyfull .avi.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\System32\LogFiles\Fax\Incoming\french sperm hidden stockings (Melissa).rar.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\brasilian fucking sleeping pregnant .zip.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\asian lesbian masturbation sm .avi.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\hardcore porn [bangbus] penetration .avi.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\SysWOW64\IME\shared\spanish fucking blowjob voyeur nipples circumcision .mpg.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Common Files\Microsoft Shared\german fetish fetish big .mpg.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Program Files (x86)\Google\Update\Download\black nude beast voyeur cock high heels .mpg.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\brasilian xxx action hidden girly .rar.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Templates\gay hardcore public hotel (Melissa).avi.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Program Files\Windows Sidebar\Shared Gadgets\norwegian porn animal several models hairy .avi.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\blowjob [bangbus] .mpeg.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\hardcore animal big .mpg.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\malaysia cum action lesbian sweet .mpeg.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Program Files\DVD Maker\Shared\handjob girls cock .mpg.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Program Files\Windows Journal\Templates\cum girls granny .mpg.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\canadian animal full movie circumcision .mpeg.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Program Files (x86)\Google\Temp\hardcore big .mpg.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\indian hardcore masturbation bondage .avi.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\handjob [milf] legs hairy .avi.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\kicking horse several models balls .mpg.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\trambling girls (Sarah).mpeg.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_bacc7ceffc55dca2\norwegian hardcore sperm [free] stockings (Melissa,Anniston).rar.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0af98f1835676d1b\swedish cum full movie feet traffic (Tatjana,Sonja).rar.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_05ea1d9b8e2bf020\russian gang bang gay lesbian vagina .mpeg.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\winsxs\x86_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_7f84cd98a7a56fd8\indian animal big legs gorgeoushorny .rar.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\ServiceProfiles\NetworkService\Downloads\asian nude sleeping (Janette).rar.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\xxx sleeping (Janette,Tatjana).mpeg.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\cumshot horse [milf] vagina .rar.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_98b24799b5d08c05\norwegian lesbian sleeping cock .rar.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_60c2504d62fd4f0e\handjob sleeping beautyfull .avi.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\winsxs\amd64_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_a945e2c500c90142\canadian cumshot public young (Sonja,Sarah).avi.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\SoftwareDistribution\Download\canadian fucking girls 50+ .mpg.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_515dc677700303ec\cum beastiality [milf] circumcision .avi.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\tyrkish handjob sleeping glans hotel (Jenna,Sandy).mpeg.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_99b74194b7347cab\chinese fucking animal hidden glans .avi.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_00225053e03f4c04\german trambling girls glans leather .mpeg.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_de-de_5803850b2f40840e\lingerie masturbation black hairunshaved .zip.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_ddab3bcb3a4ffb45\danish hardcore voyeur .rar.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\mssrv.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\italian cum lesbian [free] pregnant .mpg.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_en-us_00f45b041e1e8fd3\danish cumshot xxx sleeping ash (Jenna).rar.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\winsxs\amd64_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_c26c5b8280c6af34\beastiality sleeping legs ìï (Anniston).mpeg.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_f27c4f066f5c6701\italian blowjob uncut high heels (Curtney,Gina).avi.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_de-de_e30b5ec05031d17d\xxx nude voyeur .zip.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_6208b91f46896156\lingerie big .zip.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\winsxs\x86_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_4d274741486b900c\trambling several models traffic .avi.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_2e7f079c3208e549\horse hardcore [bangbus] (Sarah).mpeg.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_9498b282333b64ec\brasilian blowjob sperm big stockings .mpg.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\french sperm public .avi.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\gang bang [bangbus] black hairunshaved (Christine).rar.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_bcc167434bb9b3ea\blowjob public glans .zip.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_6.1.7600.16385_none_6377027f0030a06a\african xxx sleeping cock stockings .mpeg.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_6b16fa9f975e1109\fucking lesbian mature .rar.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp\chinese kicking hidden high heels (Gina).mpg.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_es-es_5d6ada54ed6d35a2\swedish blowjob horse hot (!) shower .zip.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_34400a5790d1d336\black beast girls ash granny .avi.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\winsxs\InstallTemp\american lesbian uncut pregnant .rar.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_es-es_8bc7919d3f36cee7\chinese kicking public glans femdom .mpeg.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ad7c61fb28607522\horse gay lesbian .rar.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\winsxs\amd64_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_16a2bb1dbab1c595\kicking horse public .zip.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_7bfdfb15e7184c41\japanese horse fucking [milf] ash .zip.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\canadian sperm [free] legs black hairunshaved .zip.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\PLA\Templates\brasilian fucking lesbian girls boots (Melissa,Janette).rar.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_65b23d3c3a97bfaf\hardcore beastiality sleeping hotel (Janette,Britney).zip.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_2fc4a33adb648f33\asian xxx action voyeur hole femdom .rar.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\winsxs\x86_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_dd18b2a07d49aa11\tyrkish handjob [bangbus] legs .zip.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\malaysia gang bang action lesbian boobs YEâPSè& .rar.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_it-it_ea4a469ab7713182\black blowjob several models castration (Sarah,Sonja).mpg.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_94ab98ac6d213009\spanish lingerie full movie .avi.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\winsxs\x86_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_664dbffec8693dfe\action gang bang lesbian .rar.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8bfc34b93f0fdd42\horse lingerie voyeur hole .rar.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm_31bf3856ad364e35_6.1.7600.16385_none_5499606faffb3f9f\black action hot (!) .zip.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_0ac4ebfc358e5ec0\horse lingerie big 50+ .mpeg.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_f0ca3430257ea13f\american kicking beast catfight mature .mpeg.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\horse gay masturbation ash femdom (Christine).avi.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\ServiceProfiles\LocalService\Downloads\canadian fetish several models latex .zip.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_8c6fc5a7aa8c435d\cum public .zip.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_es-es_00bfb7e81e458178\swedish xxx [free] boobs .zip.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\winsxs\amd64_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_39374e2435a71b47\beast lingerie sleeping (Jade).rar.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\winsxs\Temp\black fetish porn hot (!) fishy .avi.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_d8216ed3d8746200\russian lesbian animal hidden boobs swallow .mpg.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\italian porn full movie castration .zip.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\winsxs\amd64_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_dba3691c6002e10e\brasilian lingerie cumshot girls (Sandy,Sonja).rar.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_79642285ffd2a388\british nude [bangbus] ash YEâPSè& .mpg.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2020 wrote to memory of 2564 N/A C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe
PID 2564 wrote to memory of 2492 N/A C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe

Processes

C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe

"C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe"

C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe

"C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe"

C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe

"C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe"

Network

Country Destination Domain Proto

Files

memory/2020-0-0x0000000000400000-0x0000000000420000-memory.dmp

C:\Program Files\Windows Sidebar\Shared Gadgets\norwegian porn animal several models hairy .avi.exe

MD5 758a114b05413211d9f50f2fb1732156
SHA1 eaf0695171f72b0331bc5b92480296121e0caf3a
SHA256 baf15d29bd5be1bc12413d361128f5ddd7211497cab0e0983eeb5fc72abe7bf9
SHA512 0c365f7ded5dc0d2850684a12de1dcb66c57b4fc3f2f6ee42d18a42339e0bdb26b5680d3efd0e49d43a0e867a1f72720195c3c3c585c6af9295b4d8f484c4928

memory/2564-52-0x0000000000400000-0x0000000000420000-memory.dmp

memory/2564-86-0x0000000004A90000-0x0000000004AB0000-memory.dmp

memory/2492-88-0x0000000000400000-0x0000000000420000-memory.dmp

memory/2020-104-0x0000000000400000-0x0000000000420000-memory.dmp

memory/2020-106-0x0000000004F40000-0x0000000004F60000-memory.dmp

memory/2564-107-0x0000000000400000-0x0000000000420000-memory.dmp

memory/2564-108-0x0000000004A90000-0x0000000004AB0000-memory.dmp

memory/2492-110-0x0000000000400000-0x0000000000420000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-03 18:24

Reported

2024-04-03 18:27

Platform

win10v2004-20240226-en

Max time kernel

150s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

Description Indicator Process Target
N/A N/A N/A N/A

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\FxsTmp\nude xxx girls .zip.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\norwegian porn [bangbus] ash .avi.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\chinese handjob kicking public boots .zip.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\horse sperm licking hole (Kathrin).mpg.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\SysWOW64\IME\SHARED\german fucking fetish [free] ash .zip.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\british fucking [milf] ash sweet .mpeg.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\norwegian blowjob horse uncut vagina ash (Ashley,Karin).mpeg.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\System32\DriverStore\Temp\russian beastiality big fishy .zip.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\SysWOW64\IME\SHARED\blowjob [free] YEâPSè& .rar.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\System32\LogFiles\Fax\Incoming\british lingerie cumshot voyeur stockings .mpeg.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\german sperm masturbation (Liz).avi.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\black trambling hot (!) ejaculation (Christine).zip.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Windows Sidebar\Shared Gadgets\gay trambling uncut mistress .mpeg.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\chinese cum beastiality hot (!) mistress .mpg.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\lesbian lingerie big cock (Sarah).rar.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Program Files\Microsoft Office\Updates\Download\handjob several models gorgeoushorny (Melissa).mpg.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\beast big .mpg.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\fetish sleeping granny (Britney,Kathrin).avi.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\hardcore gang bang [bangbus] titts stockings .avi.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\gang bang lingerie full movie upskirt .mpeg.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\japanese fetish several models .rar.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Program Files (x86)\Google\Temp\nude hardcore full movie latex (Janette).mpeg.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\swedish beast voyeur leather .avi.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Program Files\dotnet\shared\japanese sperm lesbian high heels .zip.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Program Files\Microsoft Office\root\Templates\xxx xxx lesbian .zip.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\blowjob full movie vagina (Ashley).mpg.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Program Files (x86)\Google\Update\Download\norwegian xxx bukkake masturbation glans .mpg.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Program Files\Common Files\microsoft shared\malaysia fetish hidden (Ashley,Sandy).mpg.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\nude lesbian swallow .rar.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\cum beast hidden (Janette,Christine).mpg.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\WinSxS\InstallTemp\japanese xxx cumshot [milf] legs .avi.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.1_none_67a96afcfa248327\german animal horse hot (!) (Kathrin).rar.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1_none_2426cc56d654beaa\trambling nude catfight sm .mpeg.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.906_none_f962ab5f47e1e896\tyrkish lingerie handjob hot (!) titts .avi.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\mssrv.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_fd7349c396c417ae\american blowjob hidden titts penetration (Sylvia,Jenna).mpg.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\WinSxS\x86_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_10.0.19041.1_none_a723631dce180fe0\norwegian fucking licking bondage (Kathrin).avi.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_es-es_30d7585a049f5b52\tyrkish lesbian uncut .avi.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.1_none_8d8f6812a0c99533\black nude kicking hot (!) vagina mistress (Anniston,Anniston).rar.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.264_none_cb389cf57d74d691\black trambling hot (!) .mpeg.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.1266_none_7916f7558927ae23\brasilian handjob big penetration (Gina).rar.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.1_none_2fe79eae2833b9b1\sperm cum sleeping (Tatjana).zip.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.964_none_1c1a193f5bfcf136\gay masturbation vagina sm (Jade,Karin).avi.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\WinSxS\amd64_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_10.0.19041.1_none_0341fea186758116\cum uncut 50+ (Christine).mpg.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.572_none_cf90e12518baac85\cum [milf] hotel (Anniston).avi.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-t..boration-sharer-api_31bf3856ad364e35_10.0.19041.746_none_aaeae146be52e178\danish porn lesbian (Liz,Karin).avi.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-security-ntlmshared_31bf3856ad364e35_10.0.19041.1_none_7d9dab4e456449b1\lingerie lesbian [milf] 50+ .mpg.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.1_none_f3b35d713ce0fc7f\kicking cumshot full movie boots .mpeg.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.1_none_4a03fd12cb3f16c2\german fucking voyeur YEâPSè& (Sylvia).mpeg.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.746_none_de598551b74a3964\bukkake girls cock (Sarah,Christine).avi.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm_31bf3856ad364e35_10.0.19041.1_none_ae957c4c35a7bf73\black horse action girls black hairunshaved .mpeg.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\assembly\temp\horse sleeping sm .mpeg.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.1_none_5d54c0aac5c3c12c\french cum big circumcision (Curtney).mpeg.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-m..ineshared.resources_31bf3856ad364e35_10.0.19041.1_en-us_99ddc8ce8d3d6dac\blowjob hardcore [milf] glans .zip.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\WinSxS\msil_microsoft.powershel..filedownloadmanager_31bf3856ad364e35_10.0.19041.1_none_cb69bad627df9263\gang bang trambling hidden hole (Sarah).mpeg.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\CbsTemp\nude big mistress .mpg.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..ty-kerbclientshared_31bf3856ad364e35_10.0.19041.1_none_97e9c0335b4cd39a\african lingerie kicking several models boobs .avi.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_10.0.19041.1_none_91025638be651781\british gay masturbation shower (Ashley).mpeg.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.1_none_c6da8048542fddc7\chinese lingerie nude several models 40+ .mpeg.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_10.0.19041.1_none_a3d9a07cf2290837\sperm [milf] boobs balls .mpg.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\WinSxS\x86_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_10.0.19041.1_none_4ab14109a3e1e067\danish lesbian trambling full movie nipples balls .rar.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\canadian porn beastiality [milf] circumcision (Janette).rar.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.867_none_c29826784f9429f8\german animal cum public redhair (Karin).zip.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_10.0.19041.1_none_bd731e5b85dd203e\kicking several models bedroom .mpeg.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..-kf-commondownloads_31bf3856ad364e35_10.0.19041.1_none_a914e3e3f19ceda1\horse hot (!) feet fishy .rar.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\WinSxS\amd64_netfx4-_dataoraclec.._shared12_neutral_h_b03f5f7f11d50a3a_4.0.15805.0_none_3b8d4dacc2ea6b71\french gang bang public mature .rar.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\SoftwareDistribution\Download\canadian fucking voyeur nipples .mpeg.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.746_none_1bbb9ab9fc52bac9\japanese cumshot public lady .mpg.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\chinese fetish [milf] glans wifey .mpeg.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\WinSxS\amd64_netfx-shared_registry_whidbey_31bf3856ad364e35_10.0.19041.1_none_1c68775f06732f08\beastiality beastiality [bangbus] traffic .mpg.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\WinSxS\x86_netfx4-installsqlstatetemplate_sql_b03f5f7f11d50a3a_4.0.15805.0_none_bde408a455fc3ece\norwegian hardcore sperm lesbian 40+ .rar.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\templates\tyrkish horse lesbian licking .avi.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_it-it_bdb6c49fcea35732\porn trambling [milf] titts hairy .mpg.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1_none_0b596e2a33be7d4c\cumshot [bangbus] traffic .mpg.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.1_none_a7ad1894592cfa12\xxx full movie .zip.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\WinSxS\amd64_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_10.0.19041.1_none_03040a328f65b761\indian lesbian [milf] feet granny .mpg.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\WinSxS\amd64_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_10.0.19041.1_none_359f84f8e5af60e2\asian lingerie lesbian titts .mpeg.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\ServiceProfiles\NetworkService\Downloads\german bukkake trambling [milf] nipples 40+ .rar.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_c3d467c525734eb3\british fetish hidden cock (Janette,Gina).zip.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_de-de_16bd831fd16633be\sperm horse public circumcision (Jade).rar.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_de-de_3d077a9cd5de5151\american beastiality [bangbus] (Jade,Melissa).avi.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedfolders-adm_31bf3856ad364e35_10.0.19041.1_none_096bb4dc0d5d63a0\american bukkake beastiality voyeur 50+ .mpg.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\norwegian fucking fetish hot (!) castration .zip.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\PLA\Templates\animal catfight .mpeg.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.1_none_f42978969c79336a\italian cumshot lingerie public Ôï .rar.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_5b152a8d329397ec\african hardcore horse girls ash hairy .zip.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.906_none_ef0e010d1381269b\norwegian handjob cum [free] vagina .zip.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.1_none_d12f2a9a88909fc2\asian cumshot uncut lady .mpg.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\chinese beast full movie feet young .zip.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.19041.1_none_f07d4fae3e8e883f\lingerie public hairy (Sarah,Samantha).mpeg.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_es-es_bf79b5fcc06b3128\horse catfight fishy .avi.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\WinSxS\amd64_netfx4-uninstallsqlstatetemplate_sql_b03f5f7f11d50a3a_4.0.15805.0_none_db70a8ec1b999dd5\lesbian licking glans fishy .avi.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\african action nude girls glans sm .avi.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\british fetish hot (!) .avi.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2540 wrote to memory of 4704 N/A C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe
PID 2540 wrote to memory of 4704 N/A C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe
PID 2540 wrote to memory of 4704 N/A C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe
PID 2540 wrote to memory of 3012 N/A C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe
PID 2540 wrote to memory of 3012 N/A C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe
PID 2540 wrote to memory of 3012 N/A C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe
PID 4704 wrote to memory of 4252 N/A C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe
PID 4704 wrote to memory of 4252 N/A C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe
PID 4704 wrote to memory of 4252 N/A C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe

Processes

C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe

"C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe"

C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe

"C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe"

C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe

"C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe"

C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe

"C:\Users\Admin\AppData\Local\Temp\091ca27bca23c9221911b2b6e44574173a4df0a0e00f5e59e15686be8e3b38e5.exe"

Network

Country Destination Domain Proto

Files

memory/2540-0-0x0000000000400000-0x0000000000420000-memory.dmp

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\nude lesbian swallow .rar.exe

MD5 3d3e40026616360e0e514b4bb20f360b
SHA1 9b8f8186b3d44f7225442e35d2b8041b78882678
SHA256 8c7ef2cb12a5e61ae810ba2cf9bc32fd8789c3a84fdaa21bde92b568eb32ba65
SHA512 83354884bf0ef128c21fedff4b7730a0f4f736fc8482af68658d8682e6f32f88af36ffff4e3d51edf91e4984b1e3132474ae91fd7ca177de59325c8be5a122e2

memory/4704-92-0x0000000000400000-0x0000000000420000-memory.dmp

memory/3012-166-0x0000000000400000-0x0000000000420000-memory.dmp

memory/4252-167-0x0000000000400000-0x0000000000420000-memory.dmp

memory/2540-194-0x0000000000400000-0x0000000000420000-memory.dmp

memory/4704-197-0x0000000000400000-0x0000000000420000-memory.dmp

memory/3012-198-0x0000000000400000-0x0000000000420000-memory.dmp

memory/4252-200-0x0000000000400000-0x0000000000420000-memory.dmp