Malware Analysis Report

2025-08-05 10:00

Sample ID 240403-x2pklsab9t
Target 21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b
SHA256 21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b
Tags
persistence spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b

Threat Level: Known bad

The file 21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b was found to be: Known bad.

Malicious Activity Summary

persistence spyware stealer

Detects executables containing possible sandbox analysis VM usernames

Reads user/profile data of web browsers

Checks computer location settings

Adds Run key to start application

Enumerates connected drives

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Unsigned PE

Enumerates physical storage devices

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-04-03 19:21

Signatures

Detects executables containing possible sandbox analysis VM usernames

Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-03 19:21

Reported

2024-04-03 19:23

Platform

win7-20240221-en

Max time kernel

150s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\trambling licking feet .mpeg.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\System32\DriverStore\Temp\hardcore hot (!) cock femdom .mpg.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\malaysia horse [milf] .mpeg.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\SysWOW64\IME\shared\xxx [bangbus] titts hotel (Sarah).avi.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\gay big cock granny (Samantha).mpeg.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\SysWOW64\IME\shared\bukkake [milf] .avi.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\lingerie masturbation feet gorgeoushorny .avi.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\System32\LogFiles\Fax\Incoming\beast catfight shoes .mpg.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\swedish cum beast full movie ejaculation .rar.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\swedish porn lesbian sleeping cock .rar.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Common Files\microsoft shared\lesbian full movie feet (Sandy,Sylvia).mpeg.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Templates\swedish cumshot gay catfight .rar.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Program Files\Windows Sidebar\Shared Gadgets\danish action hardcore licking titts black hairunshaved (Liz).mpg.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\xxx full movie ¼ç .zip.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Program Files (x86)\Google\Temp\brasilian porn lingerie public feet upskirt (Janette).rar.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsTemplates\japanese fetish bukkake hot (!) upskirt .rar.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\trambling [milf] .mpeg.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\sperm girls cock YEâPSè& .zip.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Program Files\Windows Journal\Templates\russian fetish lingerie public .avi.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\DocumentShare\russian horse gay hot (!) hairy .mpg.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\italian nude lesbian sleeping .mpg.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\action hardcore voyeur .rar.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\horse big cock .mpeg.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Program Files\DVD Maker\Shared\indian porn sperm uncut YEâPSè& .zip.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Program Files (x86)\Google\Update\Download\swedish kicking horse voyeur feet wifey (Curtney).mpg.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\winsxs\amd64_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_39374e2435a71b47\spanish fucking girls latex .rar.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0993a1b8823a4e79\spanish horse masturbation titts castration .rar.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp\italian cum fucking catfight (Samantha).mpeg.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5d9f7d70ed4643fd\canadian beast masturbation upskirt .mpeg.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_6.1.7600.16385_none_965db382b6fef5cb\chinese bukkake voyeur boots .zip.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\russian gang bang blowjob uncut glans upskirt .mpeg.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\blowjob lesbian glans bondage (Jade).mpeg.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_es-es_5d6ada54ed6d35a2\trambling [milf] titts .mpeg.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_8c6fc5a7aa8c435d\fetish xxx lesbian .zip.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\winsxs\amd64_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_a945e2c500c90142\malaysia bukkake full movie titts high heels (Tatjana).avi.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_7bfdfb15e7184c41\sperm girls feet .mpg.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_0835101f2d90c7b6\black handjob lingerie catfight castration .avi.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_6.1.7600.16385_none_6377027f0030a06a\canadian blowjob uncut cock (Britney,Melissa).zip.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_1412267f4b3bb985\black porn beast voyeur glans .mpg.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-vsssystemprovider_31bf3856ad364e35_6.1.7600.16385_none_a727eb798dcfb185\spanish horse [free] cock circumcision .mpg.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-systempropertiesremote_31bf3856ad364e35_6.1.7600.16385_none_94ab98ac6d213009\german blowjob licking cock hotel (Samantha).zip.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\winsxs\x86_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_7f84cd98a7a56fd8\asian xxx voyeur hole mature .mpeg.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\winsxs\Temp\blowjob girls hole .rar.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\winsxs\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_79642285ffd2a388\swedish gang bang lesbian big blondie .mpeg.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_3d98a610fed70b75\brasilian nude horse licking girly .rar.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_3b85bcbe4734e96a\fetish horse voyeur glans .rar.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_6.1.7600.16385_none_99b74194b7347cab\spanish horse full movie feet sm .mpeg.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0af98f1835676d1b\spanish sperm voyeur (Sarah).rar.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\winsxs\InstallTemp\animal hardcore big (Sarah).avi.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_6.1.7601.17514_none_d81c96999f75bd77\malaysia lingerie public titts femdom .mpeg.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_bcc167434bb9b3ea\malaysia horse [milf] (Curtney).avi.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_f25d066604c2ad34\indian horse hardcore several models .avi.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8bfc34b93f0fdd42\animal blowjob masturbation YEâPSè& .mpeg.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_en-us_aedaf3947d09fbe5\black fetish beast [free] .mpg.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_515dc677700303ec\trambling public .rar.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\danish gang bang beast several models leather .zip.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\horse licking (Samantha).zip.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\xxx girls YEâPSè& .mpeg.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_6.1.7601.17514_none_98b24799b5d08c05\nude beast full movie .avi.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\winsxs\x86_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_6.1.7600.16385_none_5e4ff1f4cf2dee9b\handjob horse full movie blondie (Christine,Liz).rar.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\winsxs\x86_netfx-shared_netfx_20_perfcounter_31bf3856ad364e35_6.1.7600.16385_none_4d274741486b900c\african hardcore [bangbus] titts fishy .rar.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\danish horse beast public (Janette).mpg.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_6.1.7600.16385_none_49dd84a06c7c8863\french lingerie catfight glans .rar.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_6.1.7600.16385_de-de_e30b5ec05031d17d\danish cum hardcore licking leather (Jenna,Sarah).mpeg.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_6208b91f46896156\russian cum trambling licking (Sylvia).avi.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\winsxs\x86_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_6.1.7601.17514_none_dd18b2a07d49aa11\canadian trambling masturbation hole young .mpeg.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\winsxs\x86_netfx-shared_registry_whidbey_31bf3856ad364e35_6.1.7600.16385_none_664dbffec8693dfe\french bukkake big hole gorgeoushorny .rar.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\indian fetish hardcore girls (Jade).mpeg.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\PLA\Templates\fucking several models glans .avi.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_34400a5790d1d336\nude horse public cock blondie (Liz).mpg.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_it-it_97a45841ff925aa0\blowjob girls (Tatjana).mpeg.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_de-de_60a2cbbf935c42b4\black kicking sperm voyeur feet shoes .zip.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_ad7c61fb28607522\indian nude trambling hot (!) hairy .mpg.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\winsxs\amd64_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_6.1.7600.16385_none_dba3691c6002e10e\malaysia blowjob hidden (Liz).mpeg.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\Downloaded Program Files\italian animal xxx several models young .mpeg.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\swedish cumshot gay masturbation swallow .avi.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_6.1.7600.16385_none_8419660d1cc97b24\horse [free] 50+ .mpeg.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-h..-hmeshare.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_00225053e03f4c04\beast masturbation cock .rar.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\SoftwareDistribution\Download\black handjob lingerie hidden (Sarah).avi.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_6.1.7600.16385_de-de_5803850b2f40840e\action beast public .mpg.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_6.1.7600.16385_it-it_963e6ae24c653bfe\lesbian catfight feet .mpg.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_6.1.7601.17514_none_d8216ed3d8746200\gay public hole .mpg.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sharedfoldersui_31bf3856ad364e35_6.1.7600.16385_none_b7f38afb92de484f\brasilian action bukkake masturbation redhair .avi.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\mssrv.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\ServiceProfiles\NetworkService\Downloads\tyrkish porn fucking full movie leather .mpg.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_es-es_0ac4ebfc358e5ec0\asian horse licking swallow .avi.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_de-de_05ea1d9b8e2bf020\xxx lesbian upskirt .avi.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\winsxs\x86_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_ddab3bcb3a4ffb45\brasilian horse blowjob voyeur wifey .avi.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\assembly\temp\tyrkish kicking beast licking titts high heels .mpeg.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3028 wrote to memory of 2588 N/A C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe
PID 3028 wrote to memory of 2588 N/A C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe
PID 3028 wrote to memory of 2588 N/A C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe
PID 3028 wrote to memory of 2588 N/A C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe
PID 2588 wrote to memory of 1836 N/A C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe
PID 2588 wrote to memory of 1836 N/A C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe
PID 2588 wrote to memory of 1836 N/A C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe
PID 2588 wrote to memory of 1836 N/A C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe

Processes

C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe

"C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe"

C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe

"C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe"

C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe

"C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 242.198.179.183.in-addr.arpa udp
US 8.8.8.8:53 64.188.83.219.in-addr.arpa udp
US 8.8.8.8:53 84.57.170.221.in-addr.arpa udp
US 8.8.8.8:53 225.130.250.96.in-addr.arpa udp
US 8.8.8.8:53 254.171.149.59.in-addr.arpa udp
US 8.8.8.8:53 202.43.12.25.in-addr.arpa udp
US 8.8.8.8:53 160.14.213.81.in-addr.arpa udp
US 8.8.8.8:53 51.232.216.29.in-addr.arpa udp
US 8.8.8.8:53 4.113.106.58.in-addr.arpa udp
US 8.8.8.8:53 143.135.203.221.in-addr.arpa udp
US 8.8.8.8:53 25.57.168.227.in-addr.arpa udp
US 8.8.8.8:53 112.35.133.82.in-addr.arpa udp
US 8.8.8.8:53 204.77.230.76.in-addr.arpa udp
US 8.8.8.8:53 75.42.24.2.in-addr.arpa udp
US 8.8.8.8:53 214.248.37.150.in-addr.arpa udp
US 8.8.8.8:53 217.203.118.41.in-addr.arpa udp
US 8.8.8.8:53 10.251.47.123.in-addr.arpa udp
US 8.8.8.8:53 253.118.25.182.in-addr.arpa udp
US 8.8.8.8:53 181.204.131.163.in-addr.arpa udp
US 8.8.8.8:53 56.19.109.253.in-addr.arpa udp
US 8.8.8.8:53 100.74.165.222.in-addr.arpa udp
US 8.8.8.8:53 7.157.26.248.in-addr.arpa udp
US 8.8.8.8:53 157.90.105.197.in-addr.arpa udp
US 8.8.8.8:53 123.102.134.59.in-addr.arpa udp
US 8.8.8.8:53 30.164.65.217.in-addr.arpa udp
US 8.8.8.8:53 244.171.14.92.in-addr.arpa udp
US 8.8.8.8:53 229.65.188.12.in-addr.arpa udp

Files

memory/3028-0-0x0000000000400000-0x000000000042B000-memory.dmp

C:\Program Files (x86)\Common Files\microsoft shared\lesbian full movie feet (Sandy,Sylvia).mpeg.exe

MD5 1d29952cd372fbece9f22944f3c4d116
SHA1 ae25625bcd24834f4e19457d1bd3b14ddb278aee
SHA256 58de123f1cb3efc1f3840557db6ae92b87c60558b08e31143c58a93e0b3ea767
SHA512 b60ee6db46a565a6cf70d9ab76e673d39ed2da988e24a711c51a900eef7ba02f797188d9fea80b54b5145d717ead84d7db9a3026ded7616683e9f1edb0f4bcd7

memory/3028-39-0x0000000005010000-0x000000000503B000-memory.dmp

memory/2588-42-0x0000000000400000-0x000000000042B000-memory.dmp

memory/2588-78-0x0000000004F20000-0x0000000004F4B000-memory.dmp

memory/1836-79-0x0000000000400000-0x000000000042B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-03 19:21

Reported

2024-04-03 19:23

Platform

win10v2004-20231215-en

Max time kernel

150s

Max time network

146s

Command Line

"C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\Temp\horse licking balls .mpeg.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\SysWOW64\IME\SHARED\xxx licking cock mature .avi.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\brasilian beastiality trambling [bangbus] .rar.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\gay masturbation feet black hairunshaved .rar.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\SysWOW64\IME\SHARED\tyrkish kicking blowjob [free] swallow .zip.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\swedish handjob hardcore catfight balls .avi.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\lesbian hot (!) feet redhair (Janette).zip.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\blowjob catfight feet .rar.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\japanese cumshot hardcore girls glans girly (Janette).rar.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\System32\LogFiles\Fax\Incoming\horse [free] traffic .zip.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\gay several models fishy .avi.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\lesbian [milf] titts upskirt (Janette).zip.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Microsoft Office\root\Templates\russian fetish lingerie public .avi.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\xxx full movie ΋ .zip.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\brasilian kicking fucking masturbation feet lady (Samantha).mpg.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\american gang bang gay hidden cock (Sonja,Janette).zip.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\russian horse hardcore uncut (Melissa).avi.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\danish action hardcore licking titts black hairunshaved (Liz).mpg.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\brasilian porn lingerie public feet upskirt (Janette).rar.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Program Files\Windows Sidebar\Shared Gadgets\russian horse gay hot (!) hairy .mpg.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\japanese fetish bukkake hot (!) upskirt .rar.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Program Files (x86)\Google\Temp\black gang bang sperm masturbation (Samantha).mpg.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Program Files\Common Files\microsoft shared\horse big cock .mpeg.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Program Files\dotnet\shared\indian porn sperm uncut YEâPSè& .zip.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\lesbian full movie feet (Sandy,Sylvia).mpeg.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Program Files\Microsoft Office\Updates\Download\swedish kicking horse voyeur feet wifey (Curtney).mpg.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\hardcore licking hole leather .rar.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Program Files (x86)\Google\Update\Download\indian gang bang xxx hot (!) shoes .avi.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\lingerie public .mpeg.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\brasilian handjob xxx sleeping (Curtney).zip.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\security\templates\tyrkish cum fucking masturbation titts pregnant (Janette).rar.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.844_none_8fafa997b9980bea\trambling girls .mpeg.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\WinSxS\x86_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_10.0.19041.1_none_34e3bab50607a64b\norwegian fucking big glans sm .rar.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\SystemResources\Windows.UI.ShellCommon\SharePickerUI\swedish handjob fucking voyeur .rar.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.1_none_f42978969c79336a\british lingerie voyeur (Sarah).zip.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\WinSxS\amd64_netfx-aspnet-sharedcomponents_b03f5f7f11d50a3a_4.0.19041.1_none_47ca94859da20b28\lesbian full movie titts sm .rar.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.1_none_b6514808f7d87b1a\african horse public sweet .zip.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_7860bee9439c3ae7\sperm hot (!) cock .avi.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.844_none_67b5915b5651dd8a\xxx [bangbus] hole penetration (Karin).mpeg.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.844_none_855aff45853749ef\italian nude xxx lesbian (Samantha).avi.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft.grouppolicy.admtmpleditor_31bf3856ad364e35_10.0.19041.1_none_91025638be651781\black beastiality blowjob catfight balls .mpg.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..templates.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_bca64d70c79f104b\fetish fucking full movie penetration .mpg.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.19041.1_none_fad1fa0072ef4a3a\african lingerie uncut titts (Sandy,Sarah).rar.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\hardcore public titts black hairunshaved .avi.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\ServiceProfiles\LocalService\Downloads\brasilian handjob beast uncut .mpg.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..mon-sharedresources_31bf3856ad364e35_10.0.19041.1_none_5417ea1f38dbb76b\black nude hardcore voyeur hole .mpeg.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-update-upshared_31bf3856ad364e35_10.0.19041.1151_none_025296d718a7b3a8\asian horse [bangbus] feet .zip.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\trambling full movie upskirt .mpg.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\ServiceProfiles\NetworkService\Downloads\italian handjob xxx hidden high heels (Anniston,Janette).rar.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.1202_none_621728fcd3c9d5f6\norwegian lesbian lesbian (Janette).mpeg.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.153_none_e23c926e32d07dc1\swedish animal blowjob licking lady .zip.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-u..ell-sharedutilities_31bf3856ad364e35_10.0.19041.1_none_813610a8a9b59e0a\blowjob [free] titts sweet (Janette).zip.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\WinSxS\x86_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_10.0.19041.1_none_d980e9752d51efac\blowjob big (Liz).rar.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_de-de_881b257d159a5de8\chinese beast sleeping granny .mpg.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.1_none_c6da8048542fddc7\animal trambling big hole Ôï .mpeg.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_10.0.19041.1_none_4ac6500cab2b2113\chinese trambling licking bedroom (Sonja,Melissa).mpeg.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_e79b400a6df5fd2c\japanese beastiality blowjob licking swallow .zip.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_es-es_c9ce604ef4cbf323\lesbian hidden feet shower (Jade).mpeg.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_c3d467c525734eb3\bukkake voyeur sm (Sandy,Jade).rar.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_en-us_310bfb76047869ad\japanese kicking lingerie [bangbus] balls .avi.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1_none_19d22204a1f3fcaf\italian horse beast masturbation hole .avi.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\WinSxS\x86_netfx4-installsqlstatetemplate_sql_b03f5f7f11d50a3a_4.0.15805.0_none_bde408a455fc3ece\norwegian blowjob [bangbus] hole bedroom (Janette).zip.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_de-de_16bd831fd16633be\asian lesbian [bangbus] cock beautyfull (Curtney).zip.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1202_none_d8a1416ab7cccdcf\fetish horse several models cock .zip.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-m..ineshared.resources_31bf3856ad364e35_10.0.19041.1_en-us_a4327320c19e2fa7\norwegian lingerie hidden cock redhair .rar.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\PLA\Templates\xxx hidden .avi.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.1_none_f3b35d713ce0fc7f\indian action hardcore masturbation glans .avi.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_de-de_3d077a9cd5de5151\canadian horse catfight castration .zip.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedrealitysvc_31bf3856ad364e35_10.0.19041.746_none_822bf1ada1526fa8\spanish lingerie hidden cock blondie .mpg.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_es-es_e5c3ad79c4e34ebb\hardcore hidden .mpeg.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.1_none_d12f2a9a88909fc2\tyrkish beastiality hardcore [free] feet traffic .avi.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-security-ntlmshared_31bf3856ad364e35_10.0.19041.1_none_7d9dab4e456449b1\danish action fucking licking titts .mpg.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.1_none_0bc0f3d4cd7dc8fd\british lingerie licking shoes .rar.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.746_none_1bbb9ab9fc52bac9\swedish porn gay hidden (Jade).mpg.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\WinSxS\amd64_netfx-shared_netfx_20_mscorwks_31bf3856ad364e35_10.0.19041.1_none_359f84f8e5af60e2\spanish blowjob hot (!) titts YEâPSè& (Samantha).rar.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-s..ty-kerbclientshared_31bf3856ad364e35_10.0.19041.1288_none_6115038ba57fcb33\tyrkish kicking sperm [bangbus] titts ash .zip.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_215194e2327a46ac\italian action gay full movie bedroom .zip.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..templates.resources_31bf3856ad364e35_10.0.19041.1_de-de_e4e52f411b7b0526\hardcore voyeur fishy .avi.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_10.0.19041.207_none_e2f2dfeea7fa44fc\gay voyeur (Jade).rar.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_07787dd7ae0cf4f6\spanish trambling several models .mpeg.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_10.0.19041.746_none_a06b29f6c4bab99e\african bukkake sleeping .rar.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_b1ffa0e7b4ed03e2\swedish cumshot lingerie voyeur high heels .rar.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_10.0.19041.1_none_bd731e5b85dd203e\spanish gay licking feet mistress (Curtney).mpg.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.1_none_abfc9db6c377b91f\brasilian beastiality trambling [milf] sm .mpg.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_10.0.19041.1_es-es_64c107d8bb3ade94\black horse fucking [milf] .mpeg.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\danish gang bang beast full movie glans shoes (Sarah).mpg.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\WinSxS\Temp\indian kicking hardcore [free] latex .zip.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.1_none_4a03fd12cb3f16c2\japanese action sperm uncut cock .zip.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.746_none_de598551b74a3964\blowjob licking penetration .mpeg.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_it-it_56adcc94becfef03\kicking sperm licking .rar.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-s..ty-kerbclientshared_31bf3856ad364e35_10.0.19041.1_none_a23e6a858fad9595\cum sperm catfight Ôï .rar.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\WinSxS\x86_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_10.0.19041.1_none_4ab14109a3e1e067\spanish trambling catfight bondage .avi.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..-kf-commondownloads_31bf3856ad364e35_10.0.19041.1_none_a914e3e3f19ceda1\beast girls leather .mpeg.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedpc-sharedpccsp_31bf3856ad364e35_10.0.19041.1_none_24f622f1fc5a3f3c\action hardcore masturbation penetration (Jenna,Liz).avi.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
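The rows above are flat text, but they carry the two facts a hunter needs: one writer (the sample itself) scattering executables whose names end in a media or archive extension followed by .exe across the WinSxS store, the .NET GAC and Program Files. The dropped copy listed under Files further down has a different SHA256 (58de…) from the parent (21392b…), so matching on the parent's hash alone will not find the copies; the name and location pattern will. The following Python is an added example, not part of this report or of the sandbox's own tooling: it parses rows in the exact shape printed here, flags the double-extension lure names, groups the drops by system root and builds a Sigma-style selection map from what was observed. The extension list and the root list are assumptions taken from this page and should be widened for other samples.

```python
"""Turn flattened sandbox "File created" rows into hunting indicators."""
import re
from collections import Counter

# Constructed input: three rows from the File created table above, plus the
# dropped file listed under Files rebuilt as a row, copied as printed in this report.
SAMPLE_ROWS = [
    r"File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_10.0.19041.207_none_e2f2dfeea7fa44fc\gay voyeur (Jade).rar.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A",
    r"File created C:\Windows\WinSxS\Temp\indian kicking hardcore [free] latex .zip.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A",
    r"File created C:\Windows\WinSxS\amd64_microsoft-windows-s..-kf-commondownloads_31bf3856ad364e35_10.0.19041.1_none_a914e3e3f19ceda1\beast girls leather .mpeg.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A",
    r"File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\lesbian full movie feet (Sandy,Sylvia).mpeg.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A",
]

# Row shape as flattened on this page: "File created <created path> <writer> N/A".
# The created path may contain spaces; the writer path never does here.
ROW_RE = re.compile(r"^File created (?P<created>.+?) (?P<writer>[A-Za-z]:\\\S+\.exe) N/A$")

# Extensions seen in front of ".exe" on this page (assumed list; extend as needed).
LURE_EXT_RE = re.compile(r"\.(?P<lure>mpg|mpeg|avi|rar|zip)\.exe$", re.IGNORECASE)

# Most specific first, so a WinSxS drop is not reported as plain C:\Windows.
SYSTEM_ROOTS = (r"C:\Windows\WinSxS", r"C:\Windows\Microsoft.NET", r"C:\Program Files", r"C:\Windows")


def classify_root(path):
    """Return the system root a path lives under, or 'other'."""
    lowered = path.lower()
    for root in SYSTEM_ROOTS:
        if lowered.startswith(root.lower() + "\\"):
            return root
    return "other"


def parse_row(row):
    """One flattened row -> indicator dict, or None if it is not a File created row."""
    m = ROW_RE.match(row)
    if not m:
        return None
    created = m.group("created")
    directory, _, filename = created.rpartition("\\")
    lure = LURE_EXT_RE.search(filename)
    return {
        "directory": directory,
        "filename": filename,
        "writer": m.group("writer"),
        "root": classify_root(created),
        "double_extension": lure is not None,
        "lure_ext": lure.group("lure").lower() if lure else None,
    }


def analyze(rows):
    """Parse every row, dropping lines that are not File created rows."""
    return [ind for ind in map(parse_row, rows) if ind is not None]


def summarize(indicators):
    """Drops per system root, per lure extension and per writer. One writer
    scattering double-extension executables across several system roots is the
    self-copy pattern this report records."""
    return {
        "roots": Counter(i["root"] for i in indicators),
        "lure_exts": Counter(i["lure_ext"] for i in indicators if i["double_extension"]),
        "writers": Counter(i["writer"] for i in indicators),
    }


def sigma_selection(indicators):
    """Selection map for a Sigma file_event rule built from what was observed:
    prefix match on the drop roots, suffix match on the double extensions."""
    roots = sorted({i["root"] + "\\" for i in indicators if i["root"] != "other"})
    suffixes = sorted({"." + i["lure_ext"] + ".exe" for i in indicators if i["lure_ext"]})
    return {"TargetFilename|startswith": roots, "TargetFilename|endswith": suffixes}


if __name__ == "__main__":
    found = analyze(SAMPLE_ROWS)
    for ind in found:
        print(ind["root"], "|", ind["filename"], "|", ind["lure_ext"])
    print(summarize(found))
    print(sigma_selection(found))
```

Feed it the full table rather than the four sample rows and the root counter turns into a per-directory drop count, which is the quickest way to see whether a sample only targets folders containing "shared" in their name (as many of the WinSxS targets here do) or writes everywhere it has rights to. The writer counter should stay at one; a second writer means a dropped copy has started copying too.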

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2244 wrote to memory of 1908 N/A C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe
PID 2244 wrote to memory of 1908 N/A C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe
PID 2244 wrote to memory of 1908 N/A C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe
PID 2244 wrote to memory of 3712 N/A C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe
PID 2244 wrote to memory of 3712 N/A C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe
PID 2244 wrote to memory of 3712 N/A C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe
PID 1908 wrote to memory of 2976 N/A C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe
PID 1908 wrote to memory of 2976 N/A C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe
PID 1908 wrote to memory of 2976 N/A C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe
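The nine rows above chain three PIDs: 2244 writes into 1908 and into 3712, and 1908 in turn writes into 2976, every time with the sample's own image on both the writer and the target side. Rebuilt as a tree, that shows how many generations deep the self-spawning goes, which the Processes list below (four identical command lines) only hints at. The Python below is an added example, not part of this report; the rows are regenerated from the table with the sample path held in one constant, and the three-writes-per-pair repetition is kept because the write count per edge is itself worth recording.

```python
"""Rebuild a process tree from the report's WriteProcessMemory rows."""
import re
from collections import Counter, defaultdict

SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe"

# Constructed input: the nine rows of the table above, regenerated so the long
# sample path is not repeated eighteen times in this listing.
ROWS = [
    f"PID {src} wrote to memory of {dst} N/A {SAMPLE} {SAMPLE}"
    for src, dst in [(2244, 1908)] * 3 + [(2244, 3712)] * 3 + [(1908, 2976)] * 3
]

ROW_RE = re.compile(
    r"^PID (?P<src>\d+) wrote to memory of (?P<dst>\d+) N/A (?P<src_img>\S+) (?P<dst_img>\S+)$"
)


def parse_rows(rows):
    """Count writes per (writer, target) pair and remember each PID's image path."""
    edges, images = Counter(), {}
    for row in rows:
        m = ROW_RE.match(row)
        if not m:
            continue
        src, dst = int(m["src"]), int(m["dst"])
        edges[(src, dst)] += 1
        images[src], images[dst] = m["src_img"], m["dst_img"]
    return edges, images


def build_tree(edges):
    """Roots are writers nobody wrote into; children are the targets of each writer."""
    children = defaultdict(list)
    for src, dst in edges:
        children[src].append(dst)
    targets = {dst for _, dst in edges}
    roots = sorted({src for src, _ in edges} - targets)
    return roots, dict(children)


def chain_depth(roots, children):
    """Number of generations in the longest writer -> target chain."""
    def depth(pid):
        return 1 + max((depth(c) for c in children.get(pid, [])), default=0)
    return max(depth(r) for r in roots)


def same_image_pairs(edges, images):
    """Pairs where writer and target run the same executable: a process writing
    into a fresh copy of itself, as every row in this report does."""
    return [pair for pair in edges if images[pair[0]] == images[pair[1]]]


def render(roots, children, edges, images):
    """Indented text tree, one line per PID, with the write count on each edge."""
    lines = []

    def walk(pid, depth, writes):
        suffix = f"  <- {writes} writes" if writes else ""
        lines.append("  " * depth + f"{pid} {images.get(pid, '?')}{suffix}")
        for child in sorted(children.get(pid, [])):
            walk(child, depth + 1, edges[(pid, child)])

    for root in roots:
        walk(root, 0, 0)
    return lines


if __name__ == "__main__":
    edges, images = parse_rows(ROWS)
    roots, children = build_tree(edges)
    print("\n".join(render(roots, children, edges, images)))
    print("generations:", chain_depth(roots, children))
```

For this report the tree has one root (2244), two first-generation children and one grandchild, three generations in all, and every edge joins two instances of the same image. On a host, the equivalent check is Sysmon Event ID 10 (ProcessAccess) or an EDR cross-process-write event filtered to SourceImage equal to TargetImage; a self-targeting write followed by a fresh copy of the same binary starting is the sequence worth alerting on.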

Processes

C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe

"C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe"

C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe

"C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe"

C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe

"C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe"

C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe

"C:\Users\Admin\AppData\Local\Temp\21392b015c4bc94c97383344fab4c7d3ac805f9104236704ce713d73486c3b4b.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 227.66.18.2.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 84.177.190.20.in-addr.arpa udp
US 8.8.8.8:53 79.121.231.20.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 65.125.45.145.in-addr.arpa udp
US 8.8.8.8:53 165.15.246.237.in-addr.arpa udp
US 8.8.8.8:53 5.11.19.2.in-addr.arpa udp
US 8.8.8.8:53 227.97.18.2.in-addr.arpa udp
US 8.8.8.8:53 34.156.199.216.in-addr.arpa udp
US 8.8.8.8:53 113.195.190.160.in-addr.arpa udp
US 8.8.8.8:53 112.170.35.130.in-addr.arpa udp
US 8.8.8.8:53 149.173.26.153.in-addr.arpa udp
US 8.8.8.8:53 184.33.37.151.in-addr.arpa udp
US 8.8.8.8:53 104.38.108.223.in-addr.arpa udp
US 8.8.8.8:53 59.56.168.15.in-addr.arpa udp
US 8.8.8.8:53 56.203.186.99.in-addr.arpa udp
US 8.8.8.8:53 157.198.156.242.in-addr.arpa udp
US 8.8.8.8:53 21.46.171.150.in-addr.arpa udp
US 8.8.8.8:53 232.148.136.128.in-addr.arpa udp
US 8.8.8.8:53 234.50.124.77.in-addr.arpa udp
US 8.8.8.8:53 91.114.171.29.in-addr.arpa udp
US 8.8.8.8:53 178.239.245.158.in-addr.arpa udp
US 8.8.8.8:53 75.243.86.255.in-addr.arpa udp
US 8.8.8.8:53 73.25.123.140.in-addr.arpa udp
US 8.8.8.8:53 81.10.28.171.in-addr.arpa udp
US 8.8.8.8:53 22.128.56.5.in-addr.arpa udp
US 8.8.8.8:53 248.11.102.148.in-addr.arpa udp
US 8.8.8.8:53 116.88.28.114.in-addr.arpa udp
US 8.8.8.8:53 123.255.76.250.in-addr.arpa udp
US 8.8.8.8:53 82.234.68.163.in-addr.arpa udp
US 8.8.8.8:53 112.118.156.234.in-addr.arpa udp
US 8.8.8.8:53 43.12.15.111.in-addr.arpa udp
US 8.8.8.8:53 44.112.110.181.in-addr.arpa udp
US 8.8.8.8:53 167.2.210.162.in-addr.arpa udp
US 8.8.8.8:53 110.102.180.252.in-addr.arpa udp
US 8.8.8.8:53 165.178.100.105.in-addr.arpa udp
US 8.8.8.8:53 238.201.249.53.in-addr.arpa udp
US 8.8.8.8:53 137.161.33.6.in-addr.arpa udp
US 8.8.8.8:53 120.153.204.6.in-addr.arpa udp
US 8.8.8.8:53 148.225.192.225.in-addr.arpa udp
US 8.8.8.8:53 113.89.83.128.in-addr.arpa udp
US 8.8.8.8:53 241.67.19.229.in-addr.arpa udp
US 8.8.8.8:53 216.177.87.8.in-addr.arpa udp
US 8.8.8.8:53 244.42.17.199.in-addr.arpa udp
US 8.8.8.8:53 55.217.191.115.in-addr.arpa udp
US 8.8.8.8:53 154.70.231.177.in-addr.arpa udp
US 8.8.8.8:53 47.67.123.113.in-addr.arpa udp
US 8.8.8.8:53 128.151.34.157.in-addr.arpa udp
US 8.8.8.8:53 80.115.225.104.in-addr.arpa udp
US 8.8.8.8:53 77.214.21.183.in-addr.arpa udp
US 8.8.8.8:53 46.34.109.106.in-addr.arpa udp
US 8.8.8.8:53 126.78.86.231.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 177.103.134.250.in-addr.arpa udp
US 8.8.8.8:53 126.231.227.45.in-addr.arpa udp
US 8.8.8.8:53 6.183.115.83.in-addr.arpa udp
US 8.8.8.8:53 51.213.81.241.in-addr.arpa udp
US 8.8.8.8:53 21.209.13.229.in-addr.arpa udp
US 8.8.8.8:53 189.102.93.242.in-addr.arpa udp
US 8.8.8.8:53 89.99.111.22.in-addr.arpa udp
US 8.8.8.8:53 62.114.8.138.in-addr.arpa udp
US 8.8.8.8:53 92.147.172.92.in-addr.arpa udp
US 8.8.8.8:53 118.140.52.103.in-addr.arpa udp
US 8.8.8.8:53 6.56.255.22.in-addr.arpa udp
US 8.8.8.8:53 249.86.212.145.in-addr.arpa udp
US 8.8.8.8:53 212.58.180.123.in-addr.arpa udp
US 8.8.8.8:53 195.99.66.69.in-addr.arpa udp
US 8.8.8.8:53 96.91.166.215.in-addr.arpa udp
US 8.8.8.8:53 42.52.141.49.in-addr.arpa udp
US 8.8.8.8:53 210.195.67.233.in-addr.arpa udp
US 8.8.8.8:53 65.118.31.195.in-addr.arpa udp
US 8.8.8.8:53 26.14.141.20.in-addr.arpa udp
US 8.8.8.8:53 9.221.182.133.in-addr.arpa udp
US 8.8.8.8:53 80.147.210.238.in-addr.arpa udp
US 8.8.8.8:53 11.180.222.17.in-addr.arpa udp
US 8.8.8.8:53 65.98.243.44.in-addr.arpa udp
US 8.8.8.8:53 245.181.209.44.in-addr.arpa udp
US 8.8.8.8:53 103.254.42.67.in-addr.arpa udp
US 8.8.8.8:53 88.113.63.86.in-addr.arpa udp
US 8.8.8.8:53 232.238.193.89.in-addr.arpa udp
US 8.8.8.8:53 udp
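Every row in the Network table is a PTR query to 8.8.8.8 for an in-addr.arpa name, and the addresses behind those names sit in unrelated public ranges; no forward lookup of any domain appears. The Python below is an added example, not part of this report: it reverses the octets of each in-addr.arpa name back to the IPv4 address that was looked up, tolerates the truncated final row instead of crashing on it, and summarizes how spread out the set is. The thresholds in looks_like_host_enumeration are assumptions, not values from the report. Note the caveat: the report records only the DNS side and shows none of the SMB or other connections such reverse lookups usually accompany, so the summary supports "reverse-resolves many scattered remote hosts" and nothing stronger.

```python
"""Map the report's in-addr.arpa queries back to the IPv4 addresses looked up."""
import ipaddress
import re

# Constructed input: six rows copied from the Network table above, plus the
# table's final row, which is printed without a name and must be tolerated.
SAMPLE_ROWS = [
    "US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp",
    "US 8.8.8.8:53 227.66.18.2.in-addr.arpa udp",
    "US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp",
    "US 8.8.8.8:53 84.177.190.20.in-addr.arpa udp",
    "US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp",
    "US 8.8.8.8:53 5.11.19.2.in-addr.arpa udp",
    "US 8.8.8.8:53 udp",
]

PTR_RE = re.compile(r"^(?P<octets>(?:\d{1,3}\.){4})in-addr\.arpa$", re.IGNORECASE)


def ptr_to_ipv4(name):
    """An in-addr.arpa name lists the octets in reverse order; undo that.
    241.150.49.20.in-addr.arpa -> 20.49.150.241. Returns None for anything else."""
    m = PTR_RE.match(name)
    if not m:
        return None
    octets = m.group("octets").rstrip(".").split(".")
    try:
        return ipaddress.IPv4Address(".".join(reversed(octets)))
    except ValueError:  # an octet above 255
        return None


def parse_rows(rows):
    """Rows are 'Country Destination Domain Proto'; a row with only three fields
    (the report's last one) carries no name and is skipped."""
    ips = []
    for row in rows:
        fields = row.split()
        if len(fields) != 4:
            continue
        ip = ptr_to_ipv4(fields[2])
        if ip is not None:
            ips.append(ip)
    return ips


def profile(ips):
    """How scattered the looked-up addresses are: distinct /8 and /16 prefixes,
    and how many are globally routable."""
    return {
        "count": len(ips),
        "distinct_slash8": len({ip.packed[0] for ip in ips}),
        "distinct_slash16": len({ip.packed[:2] for ip in ips}),
        "public": sum(1 for ip in ips if ip.is_global),
    }


def looks_like_host_enumeration(prof, min_count=5, min_spread=0.8):
    """Assumed heuristic: many lookups whose /16 prefixes are almost all distinct
    and all public reads as a sweep of unrelated hosts, not repeated resolution
    of one piece of infrastructure."""
    if prof["count"] < min_count:
        return False
    spread_ok = prof["distinct_slash16"] >= min_spread * prof["count"]
    return spread_ok and prof["public"] == prof["count"]


if __name__ == "__main__":
    ips = parse_rows(SAMPLE_ROWS)
    print([str(ip) for ip in ips])
    prof = profile(ips)
    print(prof, "enumeration:", looks_like_host_enumeration(prof))
```

Run over the whole table the profile is the quick way to tell this pattern from a sample that reverse-resolves its own C2 address once: the count climbs with the number of rows while the /16 count climbs with it, and the recovered addresses are the list to pivot on in proxy and firewall logs for outbound connections the sandbox did not capture.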

Files

memory/2244-0-0x0000000000400000-0x000000000042B000-memory.dmp

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\lesbian full movie feet (Sandy,Sylvia).mpeg.exe

MD5 1d29952cd372fbece9f22944f3c4d116
SHA1 ae25625bcd24834f4e19457d1bd3b14ddb278aee
SHA256 58de123f1cb3efc1f3840557db6ae92b87c60558b08e31143c58a93e0b3ea767
SHA512 b60ee6db46a565a6cf70d9ab76e673d39ed2da988e24a711c51a900eef7ba02f797188d9fea80b54b5145d717ead84d7db9a3026ded7616683e9f1edb0f4bcd7

memory/1908-44-0x0000000000400000-0x000000000042B000-memory.dmp

memory/3712-165-0x0000000000400000-0x000000000042B000-memory.dmp