Malware Analysis Report

2025-08-06 00:44

Sample ID 240403-wxxjzsgg6z
Target 071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47
SHA256 071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47
Tags
persistence spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47

Threat Level: Known bad

The file 071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47 was found to be: Known bad.

Malicious Activity Summary

persistence spyware stealer

UPX dump on OEP (original entry point)

Detects executables containing possible sandbox analysis VM usernames

UPX dump on OEP (original entry point)

Reads user/profile data of web browsers

Checks computer location settings

Adds Run key to start application

Enumerates connected drives

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

Unsigned PE

Enumerates physical storage devices

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-04-03 18:18

Signatures

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-03 18:18

Reported

2024-04-03 18:21

Platform

win7-20240221-en

Max time kernel

150s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\IME\shared\kicking licking .avi.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\lingerie [milf] nipples redhair (Samantha).rar.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\System32\DriverStore\Temp\gay catfight ash .mpg.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\SysWOW64\IME\shared\swedish action [milf] fishy (Curtney,Tatjana).zip.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\System32\LogFiles\Fax\Incoming\norwegian porn animal uncut penetration .mpeg.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\porn animal full movie high heels .zip.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\african lingerie beast voyeur granny .rar.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\kicking xxx full movie titts bedroom .mpg.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\tyrkish handjob kicking hot (!) .mpg.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\nude gay voyeur .rar.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Common Files\microsoft shared\blowjob nude hot (!) traffic (Melissa).rar.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\action uncut ejaculation .mpeg.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\german hardcore voyeur nipples femdom (Anniston).avi.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Program Files\DVD Maker\Shared\canadian beastiality lingerie masturbation ejaculation .zip.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\danish trambling hidden .rar.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Templates\handjob big ash YEâPSè& .zip.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\black lingerie cum hidden feet young (Jade).mpeg.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\spanish horse fetish uncut .rar.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\hardcore bukkake full movie .avi.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\danish horse hot (!) traffic .avi.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Program Files\Windows Journal\Templates\american beast handjob public .mpeg.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Program Files\Windows Sidebar\Shared Gadgets\german fucking hot (!) (Anniston).avi.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\black handjob sperm licking vagina swallow .mpg.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Program Files (x86)\Google\Temp\bukkake hardcore [milf] (Jenna,Liz).mpeg.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Program Files (x86)\Google\Update\Download\horse [milf] .mpg.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_es-es_095efe9c8261401e\british porn nude masturbation circumcision .rar.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\winsxs\x86_netfx-shared_netfx_20_mscorlib_b03f5f7f11d50a3a_6.1.7600.16385_none_2958d4a31d2ec64f\horse fetish big .zip.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_1412267f4b3bb985\german gang bang masturbation hairy (Tatjana).avi.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\PLA\Templates\lesbian lesbian .mpeg.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\indian cumshot several models mistress .mpg.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedfolders-adm_31bf3856ad364e35_6.1.7600.16385_none_af6f98ff87b0e3cc\brasilian porn voyeur .rar.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\winsxs\amd64_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_16a2bb1dbab1c595\canadian animal beast licking granny (Sonja).rar.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\winsxs\x86_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_dd18b2a07d49aa11\lesbian gay public blondie (Sonja).mpg.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\Downloaded Program Files\canadian cumshot [free] shower .rar.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_es-es_00bfb7e81e458178\swedish animal gay lesbian black hairunshaved (Anniston).rar.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_f0ca3430257ea13f\french nude cum sleeping .mpeg.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_79642285ffd2a388\tyrkish cumshot lingerie several models .rar.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\swedish lesbian [free] Ôë .avi.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_3c93ac15fd731acf\danish blowjob trambling hidden traffic .mpeg.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\brasilian animal hot (!) ejaculation .rar.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_94828572f7ddbf0f\german handjob girls .mpg.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_6.1.7601.17514_none_4fe2107fd06efdd8\sperm beast [bangbus] cock shoes .mpeg.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_es-es_5d6ada54ed6d35a2\handjob uncut feet latex .mpg.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_aea650787d30ed8a\british gay sperm licking legs 50+ .avi.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_b7f38afb92de484f\beast horse lesbian (Sandy,Kathrin).avi.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_0835101f2d90c7b6\brasilian beastiality kicking public young .zip.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_99b74194b7347cab\blowjob fucking voyeur glans latex .mpeg.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_2fc4a33adb648f33\danish blowjob full movie legs sweet .avi.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_9498b282333b64ec\spanish beastiality big .zip.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_963e6ae24c653bfe\asian horse hardcore lesbian ìï (Jenna).mpeg.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sx-shared_31bf3856ad364e35_6.1.7600.16385_none_387a16fe7addf3b6\black blowjob handjob uncut (Britney,Sandy).rar.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\assembly\GAC_MSIL\Microsoft.SharePoint.BusinessData.Administration.Client.Intl\fetish lesbian big (Britney,Gina).mpeg.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_0ac4ebfc358e5ec0\cumshot hidden lady (Jenna).mpg.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_6b16fa9f975e1109\animal hot (!) .zip.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_ddab3bcb3a4ffb45\beast porn uncut (Curtney).avi.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_6208b91f46896156\gay action masturbation stockings .mpeg.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\ServiceProfiles\LocalService\Downloads\handjob blowjob hidden sweet (Christine,Christine).avi.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\handjob girls nipples (Christine,Britney).mpg.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_it-it_18a6fde3093acac7\trambling fucking licking legs black hairunshaved .rar.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_bacc7ceffc55dca2\gay catfight high heels .mpeg.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp\lingerie public ash .mpg.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\assembly\temp\black trambling big .zip.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_aedaf3947d09fbe5\japanese cum beast masturbation feet boots .rar.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\spanish fetish lingerie uncut boots .mpeg.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_293ea1e3e6bc5364\cumshot hot (!) upskirt .mpg.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_65b23d3c3a97bfaf\brasilian sperm lingerie public boobs .rar.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\winsxs\InstallTemp\brasilian xxx bukkake hot (!) ejaculation (Anniston,Janette).avi.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\assembly\tmp\tyrkish horse [free] cock .mpeg.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_6.1.7600.16385_none_6377027f0030a06a\asian horse masturbation boots .avi.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_de-de_e30b5ec05031d17d\asian cum several models .mpeg.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_60c2504d62fd4f0e\trambling beast [free] boots (Janette).mpeg.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-vsssystemprovider_31bf3856ad364e35_6.1.7600.16385_none_a727eb798dcfb185\brasilian gang bang animal big hairy .rar.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\winsxs\amd64_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_39374e2435a71b47\japanese gay voyeur shoes .rar.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_f25d066604c2ad34\danish fucking full movie .mpeg.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\chinese lingerie kicking lesbian glans lady .mpeg.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\malaysia gay fetish uncut beautyfull (Samantha,Britney).mpg.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\winsxs\amd64_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_a945e2c500c90142\american fucking licking blondie .mpeg.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\winsxs\Temp\beast xxx sleeping (Tatjana,Samantha).rar.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\winsxs\x86_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_4d274741486b900c\british fetish beast full movie penetration .rar.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\chinese lesbian gay voyeur mature .zip.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_6.1.7600.16385_none_cd2006602e5ee22e\brasilian horse hidden .mpg.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\british action beast public sm .mpg.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8bfc34b93f0fdd42\french hardcore action lesbian hotel (Ashley).mpg.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_97a45841ff925aa0\beastiality hidden nipples stockings (Sonja).mpg.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_en-us_00f45b041e1e8fd3\lingerie public stockings .mpeg.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_d81c96999f75bd77\japanese bukkake trambling voyeur beautyfull .zip.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm_31bf3856ad364e35_6.1.7600.16385_none_5499606faffb3f9f\black handjob gay catfight bondage .zip.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\hardcore horse public sweet (Gina,Jade).mpg.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_6.1.7600.16385_none_8419660d1cc97b24\african horse action catfight (Jenna,Jade).avi.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2924 wrote to memory of 2456 N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe
PID 2924 wrote to memory of 2456 N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe
PID 2924 wrote to memory of 2456 N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe
PID 2924 wrote to memory of 2456 N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe
PID 2456 wrote to memory of 1312 N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe
PID 2456 wrote to memory of 1312 N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe
PID 2456 wrote to memory of 1312 N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe
PID 2456 wrote to memory of 1312 N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe

Processes

C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe

"C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe"

C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe

"C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe"

C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe

"C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 90.25.65.125.in-addr.arpa udp
US 8.8.8.8:53 231.11.104.239.in-addr.arpa udp
US 8.8.8.8:53 81.67.136.95.in-addr.arpa udp
US 8.8.8.8:53 47.180.64.154.in-addr.arpa udp
US 8.8.8.8:53 120.193.212.159.in-addr.arpa udp
US 8.8.8.8:53 22.45.225.34.in-addr.arpa udp
US 8.8.8.8:53 67.114.235.28.in-addr.arpa udp
US 8.8.8.8:53 109.177.154.107.in-addr.arpa udp
US 8.8.8.8:53 134.8.77.189.in-addr.arpa udp
US 8.8.8.8:53 53.16.70.226.in-addr.arpa udp
US 8.8.8.8:53 12.53.10.79.in-addr.arpa udp
US 8.8.8.8:53 214.40.21.78.in-addr.arpa udp
US 8.8.8.8:53 58.100.217.21.in-addr.arpa udp
US 8.8.8.8:53 33.101.125.245.in-addr.arpa udp
US 8.8.8.8:53 238.196.232.177.in-addr.arpa udp
US 8.8.8.8:53 92.119.13.58.in-addr.arpa udp
US 8.8.8.8:53 145.163.58.141.in-addr.arpa udp
US 8.8.8.8:53 174.78.107.34.in-addr.arpa udp
US 8.8.8.8:53 220.145.186.204.in-addr.arpa udp
US 8.8.8.8:53 41.218.196.104.in-addr.arpa udp
US 8.8.8.8:53 99.238.187.19.in-addr.arpa udp
US 8.8.8.8:53 72.113.19.129.in-addr.arpa udp
US 8.8.8.8:53 103.119.46.50.in-addr.arpa udp
US 8.8.8.8:53 207.253.12.47.in-addr.arpa udp
US 8.8.8.8:53 150.221.15.192.in-addr.arpa udp
US 8.8.8.8:53 42.105.145.216.in-addr.arpa udp
US 8.8.8.8:53 161.176.237.15.in-addr.arpa udp
US 8.8.8.8:53 224.212.201.61.in-addr.arpa udp
US 8.8.8.8:53 208.87.129.5.in-addr.arpa udp
US 8.8.8.8:53 132.103.90.113.in-addr.arpa udp
US 8.8.8.8:53 80.35.138.89.in-addr.arpa udp

Files

memory/2924-0-0x0000000000400000-0x000000000041C000-memory.dmp

C:\Program Files\Windows Sidebar\Shared Gadgets\german fucking hot (!) (Anniston).avi.exe

MD5 a201144af778a1e32fe8a1a3f76b2a81
SHA1 ea08df32b061edf0205f702b1835d0023bfa8f98
SHA256 6a5efe7b00bb46d42aaabf625bb704b1e770f7d1c7c04bf2819b2442f1e83dc7
SHA512 98d3cf4c4eed53d8aed25d37b32b3afb6cee11f5d29575aa70ed25548433e1256bf7b3a3d80162f8b5cd9c61c185c3b812360ded02f03db7c01b63bd0242ab53

memory/2924-79-0x00000000056C0000-0x00000000056DC000-memory.dmp

memory/2456-80-0x0000000000400000-0x000000000041C000-memory.dmp

memory/2456-89-0x0000000004CD0000-0x0000000004CEC000-memory.dmp

memory/1312-90-0x0000000000400000-0x000000000041C000-memory.dmp

memory/2924-94-0x0000000000400000-0x000000000041C000-memory.dmp

memory/1312-104-0x0000000000400000-0x000000000041C000-memory.dmp

memory/2924-105-0x0000000000400000-0x000000000041C000-memory.dmp

memory/2924-107-0x00000000056C0000-0x00000000056DC000-memory.dmp

memory/2456-108-0x0000000004CD0000-0x0000000004CEC000-memory.dmp

memory/2924-110-0x0000000000400000-0x000000000041C000-memory.dmp

memory/2924-113-0x0000000000400000-0x000000000041C000-memory.dmp

memory/2924-116-0x0000000000400000-0x000000000041C000-memory.dmp

memory/2924-121-0x0000000000400000-0x000000000041C000-memory.dmp

memory/2924-124-0x0000000000400000-0x000000000041C000-memory.dmp

memory/2924-127-0x0000000000400000-0x000000000041C000-memory.dmp

memory/2924-130-0x0000000000400000-0x000000000041C000-memory.dmp

memory/2924-133-0x0000000000400000-0x000000000041C000-memory.dmp

memory/2924-136-0x0000000000400000-0x000000000041C000-memory.dmp

memory/2924-139-0x0000000000400000-0x000000000041C000-memory.dmp

memory/2924-142-0x0000000000400000-0x000000000041C000-memory.dmp

memory/2924-145-0x0000000000400000-0x000000000041C000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-03 18:18

Reported

2024-04-03 18:21

Platform

win10v2004-20240226-en

Max time kernel

150s

Max time network

153s

Command Line

"C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\LogFiles\Fax\Incoming\bukkake uncut titts upskirt .avi.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\sperm [free] upskirt .zip.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\indian handjob horse [bangbus] (Liz).mpeg.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\black action bukkake licking (Sylvia).avi.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\SysWOW64\IME\SHARED\danish handjob gay voyeur hole .mpg.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\System32\DriverStore\Temp\swedish kicking beast public feet (Sonja,Sylvia).zip.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\french beast uncut glans (Kathrin,Karin).mpg.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\SysWOW64\IME\SHARED\lingerie public (Sarah).mpeg.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\lingerie voyeur glans castration .avi.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\japanese fetish horse catfight feet .mpeg.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\american kicking gay sleeping sm .avi.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\indian kicking lesbian masturbation feet swallow .mpeg.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Microsoft Office\root\Templates\bukkake lesbian titts ejaculation .rar.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\beast [bangbus] glans penetration .rar.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Program Files\Microsoft Office\Updates\Download\xxx sleeping cock castration (Melissa).zip.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\american nude xxx licking hole girly .rar.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Program Files (x86)\Google\Update\Download\brasilian horse beast several models titts shower (Tatjana).mpg.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\xxx licking traffic (Ashley,Liz).zip.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\danish cumshot gay [milf] .rar.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\bukkake [bangbus] shower (Sonja,Tatjana).avi.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\horse fucking big .mpeg.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Program Files (x86)\Google\Temp\indian porn horse girls glans mature .mpeg.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\fucking masturbation (Sylvia).mpg.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Program Files\Windows Sidebar\Shared Gadgets\beast uncut stockings .rar.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\black cum beast licking fishy (Jenna,Sarah).rar.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Program Files\Common Files\microsoft shared\tyrkish cumshot sperm sleeping cock .rar.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Program Files\dotnet\shared\swedish animal sperm lesbian balls .rar.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\swedish porn lingerie hot (!) (Sarah).zip.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\swedish horse trambling uncut .mpeg.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\WinSxS\amd64_microsoft-windows-security-ntlmshared_31bf3856ad364e35_10.0.19041.1_none_734900fc110387b6\cum fucking big black hairunshaved .mpeg.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\ServiceProfiles\LocalService\Downloads\russian cumshot lingerie several models fishy (Gina,Melissa).mpeg.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.867_en-us_49453482f1fb5356\canadian sperm voyeur hole .mpeg.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.844_none_855aff45853749ef\action xxx public mistress .avi.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1151_none_fbdc4c5f677dc2ec\kicking trambling several models (Melissa).mpg.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\WinSxS\amd64_netfx-shared_registry_whidbey_31bf3856ad364e35_10.0.19041.1_none_1c68775f06732f08\french hardcore uncut .zip.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\WinSxS\amd64_netfx4-_dataperfcou.._shared12_neutral_h_b03f5f7f11d50a3a_4.0.15805.0_none_24ed4511dcc3019e\norwegian beast [milf] ash .rar.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\Downloaded Program Files\fucking uncut .zip.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\WinSxS\amd64_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_10.0.19041.1_none_359f84f8e5af60e2\cum sperm masturbation redhair .avi.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\WinSxS\x86_netfx4-uninstallsqlstatetemplate_sql_b03f5f7f11d50a3a_4.0.15805.0_none_231ddfc33015c6db\japanese animal trambling public glans black hairunshaved .rar.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\security\templates\black animal sperm uncut (Janette).avi.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_es-es_30d7585a049f5b52\danish porn lingerie [bangbus] titts shoes (Melissa).zip.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_10.0.19041.1_it-it_f1a0741e853eda74\swedish horse hardcore hidden glans .zip.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_en-us_310bfb76047869ad\african trambling public titts .avi.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.1_none_abfc9db6c377b91f\french hardcore voyeur glans sm (Samantha).mpg.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.1_none_a4f93129c473df49\bukkake public .zip.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.546_none_cd016aa683e5a345\african bukkake lesbian pregnant .mpg.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_5af076e0a3cb0fa7\norwegian blowjob sleeping cock femdom (Tatjana).zip.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\WinSxS\amd64_netfx-aspnet-sharedcomponents_b03f5f7f11d50a3a_4.0.19041.1_none_47ca94859da20b28\french bukkake girls feet .rar.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.19041.1_none_fad1fa0072ef4a3a\spanish beast uncut .zip.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.746_none_de598551b74a3964\fetish sperm voyeur swallow .mpeg.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-s..ty-kerbclientshared_31bf3856ad364e35_10.0.19041.1_none_a23e6a858fad9595\gang bang bukkake girls castration .avi.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-security-ntlmshared_31bf3856ad364e35_10.0.19041.1_none_7d9dab4e456449b1\bukkake voyeur bedroom .mpg.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_10.0.19041.746_none_a06b29f6c4bab99e\handjob sperm public bedroom (Sandy,Karin).avi.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\japanese action bukkake hidden hairy (Anniston,Tatjana).mpg.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\tyrkish fetish horse several models cock bondage (Janette).rar.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..-kf-commondownloads_31bf3856ad364e35_10.0.19041.1_none_a914e3e3f19ceda1\indian fetish trambling masturbation lady .zip.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..templates.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_3058d81cfd5218f2\porn fucking public redhair .mpg.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..ces-ime-eashared-lm_31bf3856ad364e35_10.0.19041.1_none_4756d423b091d10b\handjob bukkake lesbian (Sylvia).mpg.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\horse full movie black hairunshaved .avi.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..ty-kerbclientshared_31bf3856ad364e35_10.0.19041.1288_none_56c05939711f0938\porn hardcore uncut .mpeg.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_10.0.19041.207_none_e2f2dfeea7fa44fc\indian handjob beast voyeur granny .avi.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_de-de_21122d7205c6f5b9\sperm girls glans boots (Janette).mpeg.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.844_none_67b5915b5651dd8a\canadian trambling several models glans sweet (Liz).mpg.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.1_none_2fe79eae2833b9b1\tyrkish cumshot bukkake voyeur titts castration .rar.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_14c898cc82025c76\german trambling [free] traffic .rar.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..ty-kerbclientshared_31bf3856ad364e35_10.0.19041.1_none_97e9c0335b4cd39a\cum trambling several models .rar.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..templates.resources_31bf3856ad364e35_10.0.19041.1_es-es_8da1621e0a800290\japanese beastiality trambling hidden .avi.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\PLA\Templates\xxx [milf] (Sarah).zip.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.1_none_0bc0f3d4cd7dc8fd\indian kicking lesbian girls hole mature (Sylvia).rar.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-update-upshared_31bf3856ad364e35_10.0.19041.1151_none_025296d718a7b3a8\russian gang bang horse catfight glans redhair (Liz).mpeg.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..templates.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_bca64d70c79f104b\horse fucking public stockings .rar.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-sx-shared_31bf3856ad364e35_10.0.19041.1_none_f8e978b0ed48a6bb\chinese horse voyeur granny .rar.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-u..ell-sharedutilities_31bf3856ad364e35_10.0.19041.546_none_a93e4a2569276206\spanish xxx public hole ash .avi.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\russian nude bukkake full movie titts 40+ .mpeg.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_es-es_e5c3ad79c4e34ebb\norwegian beast catfight (Jade).mpg.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.572_none_d9e58b774d1b6e80\american porn fucking masturbation .mpg.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\xxx uncut hole femdom .avi.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-t..boration-sharer-api_31bf3856ad364e35_10.0.19041.746_none_aaeae146be52e178\french gay masturbation cock .mpeg.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.1_none_4a03fd12cb3f16c2\animal trambling masturbation sweet .rar.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.1_none_a7ad1894592cfa12\swedish nude bukkake hot (!) .rar.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\WinSxS\amd64_netfx-aspnet-nonwow64-shared_b03f5f7f11d50a3a_4.0.19041.1_none_d66d07dacac85e2d\trambling sleeping (Janette).zip.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\WinSxS\amd64_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_10.0.19041.1_none_0341fea186758116\italian horse hardcore [free] (Jade).rar.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\russian action beast hidden titts circumcision (Karin).avi.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.844_none_57eddd48e7a74274\french trambling masturbation cock .mpg.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_10.0.19041.746_none_e2c6a972a81b8d2c\horse sleeping cock .mpeg.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-t..boration-sharer-api_31bf3856ad364e35_10.0.19041.84_none_c494b3b28da10665\beast [bangbus] .mpeg.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-u..tyvm-sysprep-shared_31bf3856ad364e35_10.0.19041.1_none_3ba048793ab5eb3f\handjob hardcore [milf] ejaculation .rar.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\blowjob voyeur feet hairy .rar.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-composable-sharepicker_31bf3856ad364e35_10.0.19041.1_none_c87e96327faffd0e\danish horse xxx hot (!) titts castration .zip.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.1_none_a80cea873b2a6772\black fetish sperm licking hole .mpg.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_it-it_4c5922428a6f2d08\black action blowjob big feet sweet .rar.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_10.0.19041.1_none_4ac6500cab2b2113\cum sperm [free] cock beautyfull .mpeg.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.746_none_ab42fb092bda9182\tyrkish fetish fucking uncut glans young (Sylvia).zip.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 5116 wrote to memory of 4488 N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe
PID 5116 wrote to memory of 4488 N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe
PID 5116 wrote to memory of 4488 N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe
PID 5116 wrote to memory of 3244 N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe
PID 5116 wrote to memory of 3244 N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe
PID 5116 wrote to memory of 3244 N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe
PID 4488 wrote to memory of 4484 N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe
PID 4488 wrote to memory of 4484 N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe
PID 4488 wrote to memory of 4484 N/A C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe

Processes

C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe

"C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe"

C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe

"C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe"

C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe

"C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe"

C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe

"C:\Users\Admin\AppData\Local\Temp\071a6ba731e471b6c758950a6bb4cbd03e06fca60fe6bed139255f53e977fa47.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 241.66.18.2.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 10.110.86.104.in-addr.arpa udp
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 30.73.42.20.in-addr.arpa udp

Files

memory/5116-0-0x0000000000400000-0x000000000041C000-memory.dmp

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\danish cumshot gay [milf] .rar.exe

MD5 3cfa04cdd9d4316a31621588210b6150
SHA1 498c5587030583194ef99aee29ca57d32cdb4e68
SHA256 61e0a0aae92b5c291bcd5085216c7b95ac9654c8c66cf7a749b5249af01b0dbc
SHA512 49547e68488278c9030243c6d26264df32742169fb4510c641300a804fe8ba065858348d7ac92e37b4b624d0521c0026e4644e9c3987895ddfd56acef5967a88

memory/4488-12-0x0000000000400000-0x000000000041C000-memory.dmp

memory/3244-19-0x0000000000400000-0x000000000041C000-memory.dmp

memory/5116-105-0x0000000000400000-0x000000000041C000-memory.dmp

memory/4488-107-0x0000000000400000-0x000000000041C000-memory.dmp

memory/3244-112-0x0000000000400000-0x000000000041C000-memory.dmp

memory/4484-113-0x0000000000400000-0x000000000041C000-memory.dmp

memory/5116-115-0x0000000000400000-0x000000000041C000-memory.dmp

memory/5116-140-0x0000000000400000-0x000000000041C000-memory.dmp

memory/5116-168-0x0000000000400000-0x000000000041C000-memory.dmp

memory/5116-172-0x0000000000400000-0x000000000041C000-memory.dmp

memory/5116-188-0x0000000000400000-0x000000000041C000-memory.dmp

memory/5116-194-0x0000000000400000-0x000000000041C000-memory.dmp

memory/5116-210-0x0000000000400000-0x000000000041C000-memory.dmp

memory/5116-214-0x0000000000400000-0x000000000041C000-memory.dmp

memory/5116-218-0x0000000000400000-0x000000000041C000-memory.dmp

memory/5116-222-0x0000000000400000-0x000000000041C000-memory.dmp

memory/5116-226-0x0000000000400000-0x000000000041C000-memory.dmp

memory/5116-230-0x0000000000400000-0x000000000041C000-memory.dmp

memory/5116-235-0x0000000000400000-0x000000000041C000-memory.dmp

memory/5116-241-0x0000000000400000-0x000000000041C000-memory.dmp