Malware Analysis Report

2025-08-05 09:59

Sample ID 240403-x9a27aah54
Target 26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0
SHA256 26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0
Tags
upx persistence spyware stealer
score
10/10

Analysis Overview

Threat Level: Known bad

The file 26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0 was found to be: Known bad.

Malicious Activity Summary

upx persistence spyware stealer

UPX dump on OEP (original entry point)

Detects executables containing possible sandbox analysis VM usernames

Checks computer location settings

Reads user/profile data of web browsers

UPX packed file

Enumerates connected drives

Adds Run key to start application

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

Unsigned PE

Enumerates physical storage devices

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Analysis: static1

Detonation Overview

Reported

2024-04-03 19:32

Signatures

UPX dump on OEP (original entry point)

UPX packed file

upx

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2024-04-03 19:32

Reported

2024-04-03 19:35

Platform

win7-20240221-en

Max time kernel

150s

Max time network

146s

Command Line

"C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe"

Signatures

UPX dump on OEP (original entry point)

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx

Adds Run key to start application

persistence
Description: Set value (str)
Indicator: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"
Process: C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe
Target: N/A

Enumerates connected drives


Drops file in System32 directory


Drops file in Program Files directory


Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\mssrv.exe C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1808 wrote to memory of 2184 N/A C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe
PID 2184 wrote to memory of 1660 N/A C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe

Processes

C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe

"C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe"

C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe

"C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe"

C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe

"C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe"

Network

Country Destination Domain Proto

Files

memory/1808-0-0x0000000000400000-0x000000000041D000-memory.dmp

C:\Program Files\Windows Sidebar\Shared Gadgets\african lingerie action uncut ejaculation (Melissa,Curtney).rar.exe

MD5 606c349f9f0b8878d98d1ea3d40c2304
SHA1 385a18795063f219195d6ffd79674b6ee43b7251
SHA256 a76a83359ac4f7fa3fb6f107bad0419e3881e378dd1210d652bc478a33b8dea3
SHA512 52f848c302413ef9a84a078db4a49ec2fb52688193211822ed177abf0e81c8d8ef248c494a7bd34513d32d8af1c258544b864b5bca999f86a8b4125c956ca0cf

memory/1808-76-0x0000000004C70000-0x0000000004C8D000-memory.dmp

memory/2184-77-0x0000000000400000-0x000000000041D000-memory.dmp

memory/2184-89-0x0000000004E10000-0x0000000004E2D000-memory.dmp

memory/1808-105-0x0000000000400000-0x000000000041D000-memory.dmp

memory/1808-107-0x0000000004C70000-0x0000000004C8D000-memory.dmp

memory/2184-108-0x0000000000400000-0x000000000041D000-memory.dmp

memory/2184-110-0x0000000004E10000-0x0000000004E2D000-memory.dmp

memory/1660-111-0x0000000000400000-0x000000000041D000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-03 19:32

Reported

2024-04-03 19:35

Platform

win10v2004-20240226-en

Max time kernel

151s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

Description Indicator Process Target
N/A N/A N/A N/A

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe N/A

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\Temp\canadian gay full movie (Samantha).zip.exe C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe N/A
File created C:\Windows\SysWOW64\IME\SHARED\german xxx several models femdom .avi.exe C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe N/A
File created C:\Windows\System32\LogFiles\Fax\Incoming\asian nude catfight penetration .mpg.exe C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\asian animal catfight stockings .zip.exe C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\sperm public titts (Gina).mpg.exe C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\trambling voyeur fishy (Curtney).rar.exe C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\indian gay several models cock ejaculation .zip.exe C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\beastiality trambling masturbation YEâPSè& .rar.exe C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe N/A
File created C:\Windows\SysWOW64\IME\SHARED\cum porn uncut ¼ë (Jade,Tatjana).rar.exe C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\hardcore full movie shower (Gina).rar.exe C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\african sperm big .mpg.exe C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\french bukkake lesbian hot (!) (Anniston).zip.exe C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Common Files\Microsoft Shared\horse horse [free] 40+ .mpeg.exe C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\cumshot nude girls .mpg.exe C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe N/A
File created C:\Program Files\Windows Sidebar\Shared Gadgets\cumshot voyeur .rar.exe C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\danish kicking action lesbian high heels (Sylvia).mpg.exe C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\british action voyeur leather (Janette,Sonja).rar.exe C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\tyrkish cumshot horse masturbation hotel .mpeg.exe C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe N/A
File created C:\Program Files (x86)\Google\Temp\malaysia bukkake lesbian legs black hairunshaved .zip.exe C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe N/A
File created C:\Program Files\Common Files\microsoft shared\malaysia cumshot hidden pregnant .mpeg.exe C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe N/A
File created C:\Program Files\Microsoft Office\root\Templates\african cum fucking masturbation legs (Gina).avi.exe C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\sperm girls .mpeg.exe C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Install\{A22979E4-D188-4AF0-A888-04FE21284B11}\EDGEMITMP_19EA3.tmp\american horse kicking uncut balls .rar.exe C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\lesbian sleeping shower .rar.exe C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\sperm fetish [bangbus] mature .mpg.exe C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe N/A
File created C:\Program Files\dotnet\shared\kicking horse voyeur .zip.exe C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe N/A
File created C:\Program Files\Microsoft Office\Updates\Download\lingerie licking pregnant (Kathrin).zip.exe C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\action [free] .mpeg.exe C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\porn fucking [bangbus] castration .rar.exe C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe N/A
File created C:\Program Files (x86)\Google\Update\Download\xxx hardcore masturbation .mpeg.exe C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\russian sperm several models titts YEâPSè& .mpeg.exe C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\swedish beast fetish girls legs .mpg.exe C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.789_en-us_58ebf9ecc407e3c0\cum fetish [bangbus] glans high heels (Melissa,Britney).zip.exe C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_5af076e0a3cb0fa7\blowjob [milf] ash .avi.exe C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_5abbd3c4a3f2014c\canadian trambling lesbian cock lady (Sarah,Sonja).avi.exe C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\swedish gay full movie traffic .mpeg.exe C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d38ece58f77171b4\trambling full movie .mpg.exe C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5fdc43acc1be690d\japanese bukkake sperm several models feet traffic .mpeg.exe C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_7860bee9439c3ae7\horse cumshot voyeur (Anniston).rar.exe C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.844_none_57eddd48e7a74274\american fucking sleeping titts high heels .zip.exe C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.867_none_c29826784f9429f8\french cumshot hot (!) castration .rar.exe C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe N/A
File created C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\lingerie public vagina (Kathrin,Curtney).mpeg.exe C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.746_none_ab42fb092bda9182\brasilian hardcore xxx licking latex .zip.exe C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\indian gay masturbation shower .zip.exe C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..s-ime-eashared-ihds_31bf3856ad364e35_10.0.19041.1_none_e8996b7d3512363f\malaysia kicking licking swallow .avi.exe C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_b1ffa0e7b4ed03e2\italian beastiality voyeur cock femdom (Sonja,Sylvia).avi.exe C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_10.0.19041.1_none_a3d9a07cf2290837\british nude lingerie voyeur .mpg.exe C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1_none_19d22204a1f3fcaf\indian sperm [bangbus] vagina .mpg.exe C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.1266_none_7916f7558927ae23\black nude animal [bangbus] young .zip.exe C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_de-de_881b257d159a5de8\cumshot blowjob [milf] sweet .mpg.exe C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe N/A
File created C:\Windows\ServiceProfiles\NetworkService\Downloads\bukkake horse licking .rar.exe C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe N/A
File created C:\Windows\Downloaded Program Files\malaysia gay [free] lady .mpg.exe C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_10.0.19041.1_none_de1581e9a275faf8\italian nude xxx big titts circumcision .rar.exe C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.1_none_f42978969c79336a\asian lesbian public femdom .avi.exe C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe N/A
File created C:\Windows\assembly\temp\indian lesbian cum voyeur .mpeg.exe C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe N/A
File created C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\spanish bukkake fucking [milf] pregnant .avi.exe C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_211cf1c632a13851\black beast blowjob voyeur swallow (Sandy).mpeg.exe C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.264_none_cb389cf57d74d691\chinese horse cumshot hot (!) hole shower .mpeg.exe C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.153_none_e23c926e32d07dc1\fetish blowjob masturbation hole .rar.exe C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\swedish gay lingerie several models feet balls .zip.exe C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe N/A
File created C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\black nude gay big blondie .rar.exe C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.1_none_833abdc06c68d338\asian cum nude public hole .avi.exe C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..ces-ime-eashared-lm_31bf3856ad364e35_10.0.19041.1_none_3d0229d17c310f10\malaysia cumshot masturbation .zip.exe C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_10.0.19041.1_none_8c0b126c198fcf70\african cumshot masturbation redhair (Ashley).rar.exe C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_10.0.19041.1_none_4c786ae2f508e6d5\handjob trambling licking titts .mpg.exe C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.746_none_1bbb9ab9fc52bac9\french porn fucking girls titts sweet .mpg.exe C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2056 wrote to memory of 5444 N/A C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe
PID 2056 wrote to memory of 5352 N/A C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe
PID 5444 wrote to memory of 5408 N/A C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe

Processes

C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe

"C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe"

C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe

"C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe"

C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe

"C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe"

C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe

"C:\Users\Admin\AppData\Local\Temp\26ae6d2225770d603171ec9d88e149926653b8f94c431a867ad01de44a0eeea0.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4472 --field-trial-handle=2280,i,1836084024518340990,18250262151825427757,262144 --variations-seed-version /prefetch:8

Network


Files

memory/2056-0-0x0000000000400000-0x000000000041D000-memory.dmp

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\danish kicking action lesbian high heels (Sylvia).mpg.exe

MD5 e3f673e2655a427733249346b5b3b3c0
SHA1 1f8f3779b07a07bc1d7907e80c783063711db918
SHA256 2c10fdcd79aed1a6e9b1d380e3d39e79ae3517a2aa417c7efdfa538a369b11d6
SHA512 667cb2df244c5713e59677a0b07452c82b327940ac7dbb6b95936a780dcc85d3c56e3a1f23f3e7e9740c699e3344aa323225c7d888f1490d3eaba068961c4dfe

memory/5444-10-0x0000000000400000-0x000000000041D000-memory.dmp

memory/5352-12-0x0000000000400000-0x000000000041D000-memory.dmp

memory/5408-13-0x0000000000400000-0x000000000041D000-memory.dmp

memory/2056-90-0x0000000000400000-0x000000000041D000-memory.dmp

memory/5444-169-0x0000000000400000-0x000000000041D000-memory.dmp

memory/5352-172-0x0000000000400000-0x000000000041D000-memory.dmp

memory/5408-180-0x0000000000400000-0x000000000041D000-memory.dmp