Malware Analysis Report

2025-08-05 10:00

Sample ID 240403-xndaeshg2s
Target 1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79
SHA256 1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79
Tags
upx persistence spyware stealer
score
10/10

Analysis Overview

score
10/10

SHA256

1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79

Threat Level: Known bad

The file 1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79 was found to be: Known bad.

Malicious Activity Summary

upx persistence spyware stealer

UPX dump on OEP (original entry point)

Detects executables containing possible sandbox analysis VM usernames

Checks computer location settings

Reads user/profile data of web browsers

UPX packed file

Adds Run key to start application

Enumerates connected drives

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Enumerates physical storage devices

Unsigned PE

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-04-03 18:59

Signatures

UPX dump on OEP (original entry point)

UPX packed file

upx

Unsigned PE

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-03 18:59

Reported

2024-04-03 19:04

Platform

win7-20240221-en

Max time kernel

224s

Max time network

262s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

UPX dump on OEP (original entry point)

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx

Adds Run key to start application

persistence
Description: Set value (str)
Indicator: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"
Process: C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe
Target: N/A

Enumerates connected drives

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2960 wrote to memory of 528 N/A C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe
PID 528 wrote to memory of 2504 N/A C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe

Processes

C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe

"C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe"

C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe

"C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe"

C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe

"C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 153.195.152.246.in-addr.arpa udp

Files

C:\Program Files\Windows Sidebar\Shared Gadgets\nude animal several models girly (Tatjana,Ashley).avi.exe

MD5 520ecc40f27b8e6e7c1cc1f8d88adaf5
SHA1 f7165f97b3ea5d30beafcd4a50fb89e286649707
SHA256 85ccbf10101025d84d0e3a18ed2f34b5f6795aface41a6e1309bbcb78a75eea3
SHA512 ce4a685aa8a78336df1e7335cc403222e064a2446a5ac392b85c178970f2368146c1b91f9958b7816dbc18686cb7785a80c409b51d21f22be5ca47e30118d89a

C:\debug.txt

MD5 ac8b9d29b7190285213e2bc68c27a05f
SHA1 c9a89c66b2cfa80c0082ef2a5ffbdf5d818c1d74
SHA256 219bce714198b0eeae20f0a95c246d3b67d8e77907f149312e4462dbefa5b13f
SHA512 91d807d1423c1f06867bda90bbf6445be286a42fe784d04892fd2b50a51643cba4d3ed7e25f26f83d41085f9f107fc5faeeda99609d86b32dba35f3bcf73a8dd

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-03 18:59

Reported

2024-04-03 19:02

Platform

win10v2004-20240226-en

Max time kernel

161s

Max time network

162s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

Description Indicator Process Target
N/A N/A N/A N/A

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe N/A

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\FxsTmp\horse hardcore voyeur cock boots .mpg.exe C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe N/A
File created C:\Windows\SysWOW64\IME\SHARED\horse hot (!) titts .zip.exe C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe N/A
File created C:\Windows\System32\LogFiles\Fax\Incoming\brasilian animal horse lesbian 40+ (Sonja,Karin).mpeg.exe C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\lesbian voyeur boots .mpg.exe C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\russian cum lingerie public (Jade).mpeg.exe C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\japanese cumshot beast [bangbus] hole (Ashley,Sylvia).rar.exe C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\russian kicking fucking uncut titts (Christine,Sarah).zip.exe C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe N/A
File created C:\Windows\System32\DriverStore\Temp\horse hot (!) (Sylvia).zip.exe C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\hardcore uncut .mpg.exe C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe N/A
File created C:\Windows\SysWOW64\IME\SHARED\tyrkish cumshot gay girls titts black hairunshaved .zip.exe C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\tyrkish nude hardcore several models .mpg.exe C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\fucking lesbian (Tatjana).rar.exe C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Windows Sidebar\Shared Gadgets\danish cumshot lingerie hot (!) hole beautyfull .mpeg.exe C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\indian kicking beast several models gorgeoushorny (Christine,Tatjana).rar.exe C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe N/A
File created C:\Program Files (x86)\Google\Temp\brasilian beastiality lesbian [free] shower .avi.exe C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Install\{1FAC69E2-6A78-4418-8957-20DE7094BB95}\EDGEMITMP_86547.tmp\horse masturbation glans .rar.exe C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe N/A
File created C:\Program Files\dotnet\shared\beast lesbian (Janette).rar.exe C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\gay hidden beautyfull .mpeg.exe C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\american beastiality beast [bangbus] mistress .zip.exe C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\japanese action lingerie hidden (Melissa).zip.exe C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe N/A
File created C:\Program Files\Microsoft Office\Updates\Download\russian kicking trambling sleeping glans .zip.exe C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\american action xxx hidden 50+ .zip.exe C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe N/A
File created C:\Program Files\Microsoft Office\root\Templates\blowjob hot (!) .mpg.exe C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\american nude hardcore big (Melissa).avi.exe C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\gay full movie titts circumcision .avi.exe C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe N/A
File created C:\Program Files (x86)\Google\Update\Download\sperm [bangbus] sweet .mpeg.exe C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\brasilian kicking sperm hot (!) feet .rar.exe C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\trambling masturbation feet upskirt .avi.exe C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\xxx girls feet blondie .mpg.exe C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe N/A
File created C:\Program Files\Common Files\microsoft shared\japanese gang bang lesbian hot (!) granny .avi.exe C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\tyrkish nude fucking public pregnant .avi.exe C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_fd7349c396c417ae\black porn sperm several models castration .mpg.exe C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-m..ineshared.resources_31bf3856ad364e35_10.0.19041.1_en-us_99ddc8ce8d3d6dac\german sperm uncut glans leather .avi.exe C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_de-de_881b257d159a5de8\hardcore licking circumcision (Gina,Samantha).mpeg.exe C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.746_none_d404daff82e97769\gang bang fucking several models glans bedroom .avi.exe C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..templates.resources_31bf3856ad364e35_10.0.19041.1_es-es_8da1621e0a800290\handjob beast several models (Karin).mpeg.exe C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe N/A
File created C:\Windows\Downloaded Program Files\russian cumshot sperm [bangbus] glans pregnant .zip.exe C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-composable-sharepicker_31bf3856ad364e35_10.0.19041.1_none_c87e96327faffd0e\nude beast full movie hotel .avi.exe C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.844_none_855aff45853749ef\gay big glans (Sonja,Sarah).rar.exe C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.1_none_0bc0f3d4cd7dc8fd\sperm uncut mistress .avi.exe C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe N/A
File created C:\Windows\SoftwareDistribution\Download\SharedFileCache\american gang bang sperm lesbian (Sarah).mpg.exe C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.1_none_9aa486d790131d4e\nude sperm [milf] titts pregnant .mpeg.exe C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.1266_none_7916f7558927ae23\french lingerie public redhair .mpg.exe C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..mon-sharedresources_31bf3856ad364e35_10.0.19041.1_none_5417ea1f38dbb76b\italian horse horse girls redhair .avi.exe C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-t..boration-sharer-api_31bf3856ad364e35_10.0.19041.746_none_aaeae146be52e178\american nude sperm several models hole pregnant (Jade).zip.exe C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe N/A
File created C:\Windows\InputMethod\SHARED\fucking [milf] hole 40+ (Sarah).mpg.exe C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.1_none_fa09f84703cb02c5\russian fetish fucking [bangbus] cock .avi.exe C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.572_none_cf90e12518baac85\chinese beast hot (!) .mpeg.exe C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sx-shared_31bf3856ad364e35_10.0.19041.1_none_ee94ce5eb8e7e4c0\cum sperm several models .mpg.exe C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.84_none_81616275259e37fe\trambling public .zip.exe C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_en-us_bfae5918c0443f83\animal beast public cock circumcision .avi.exe C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_10.0.19041.1_en-us_64f5aaf4bb13ecef\cumshot gay masturbation feet sweet (Janette).mpg.exe C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.844_none_57eddd48e7a74274\chinese bukkake [milf] shoes .avi.exe C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1151_none_fbdc4c5f677dc2ec\british bukkake girls glans leather .mpeg.exe C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm_31bf3856ad364e35_10.0.19041.1_none_ae957c4c35a7bf73\horse licking blondie .avi.exe C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-update-upshared_31bf3856ad364e35_10.0.19041.84_none_85259eff919b7c9e\canadian gay public (Jade).zip.exe C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..templates.resources_31bf3856ad364e35_10.0.19041.1_it-it_1a80ce63d483fe70\beastiality blowjob hidden cock boots .mpg.exe C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe N/A
File created C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\tyrkish action beast masturbation .mpeg.exe C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_adfc5e0bfca53431\russian fetish trambling several models titts (Jenna,Melissa).avi.exe C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.928_none_33e0d5558cdd7c61\italian kicking xxx girls (Tatjana).rar.exe C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_de-de_16bd831fd16633be\horse hardcore big feet high heels (Tatjana).mpg.exe C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_10.0.19041.746_none_96167fa49059f7a3\animal fucking hidden (Janette).mpeg.exe C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_10.0.19041.1_none_4ac6500cab2b2113\asian fucking uncut beautyfull .zip.exe C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe N/A
File created C:\Windows\PLA\Templates\american beastiality gay voyeur cock swallow .mpg.exe C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_10.0.19041.1_none_de1581e9a275faf8\kicking blowjob [bangbus] glans shower (Sarah).mpg.exe C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.1_none_a80cea873b2a6772\norwegian lesbian catfight shoes .zip.exe C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_it-it_72a319bf8ee74a9b\chinese beast public castration (Gina,Karin).avi.exe C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedfolders-adm_31bf3856ad364e35_10.0.19041.1_none_096bb4dc0d5d63a0\beast sleeping hole .avi.exe C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe N/A
File created C:\Windows\security\templates\danish nude horse several models castration .mpg.exe C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe N/A
File created C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\lingerie voyeur pregnant .mpg.exe C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe N/A
File created C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\tyrkish action lesbian uncut pregnant (Christine,Sylvia).rar.exe C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.746_none_1bbb9ab9fc52bac9\horse fucking licking cock balls (Sarah).mpeg.exe C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.19041.1_none_f07d4fae3e8e883f\trambling girls cock pregnant (Jade).mpeg.exe C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1288_none_ca3007304990b2ea\chinese sperm sleeping sm .mpeg.exe C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1_none_0b596e2a33be7d4c\hardcore voyeur glans .mpg.exe C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.1_none_f42978969c79336a\fucking [bangbus] titts circumcision .avi.exe C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe N/A
File created C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\danish action lingerie girls titts 40+ .rar.exe C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess.resources_31bf3856ad364e35_10.0.19041.1_es-es_64c107d8bb3ade94\animal blowjob masturbation mature (Britney,Karin).mpg.exe C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_10.0.19041.746_none_e2c6a972a81b8d2c\gay licking beautyfull .zip.exe C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..-kf-commondownloads_31bf3856ad364e35_10.0.19041.1_none_a914e3e3f19ceda1\japanese cumshot fucking [milf] feet .mpg.exe C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5fdc43acc1be690d\cum sperm girls feet (Jenna,Samantha).zip.exe C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_5b152a8d329397ec\handjob bukkake masturbation titts (Anniston,Curtney).rar.exe C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_10.0.19041.1_none_4c786ae2f508e6d5\african lingerie several models glans .zip.exe C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_887b2378b7b5651d\norwegian sperm lesbian .rar.exe C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-sharedrealitysvc_31bf3856ad364e35_10.0.19041.746_none_822bf1ada1526fa8\nude lingerie voyeur (Samantha).rar.exe C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..templates.resources_31bf3856ad364e35_10.0.19041.1_de-de_e4e52f411b7b0526\american cum gay [bangbus] cock sm (Janette).rar.exe C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_211cf1c632a13851\gang bang beast uncut cock sweet .rar.exe C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..ces-ime-eashared-lm_31bf3856ad364e35_10.0.19041.1_none_3d0229d17c310f10\asian bukkake [free] lady (Ashley,Curtney).mpg.exe C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_it-it_4c5922428a6f2d08\horse trambling [free] .rar.exe C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_en-us_310bfb76047869ad\french lingerie lesbian hole .mpeg.exe C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_10.0.19041.1_none_8c0b126c198fcf70\french xxx several models titts pregnant .avi.exe C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_14c898cc82025c76\french gay voyeur granny .avi.exe C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe N/A
File created C:\Windows\assembly\temp\japanese fetish gay voyeur .rar.exe C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe N/A
File created C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\templates\danish fetish sperm lesbian hotel (Kathrin,Janette).mpeg.exe C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe N/A
File created C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\swedish porn lesbian lesbian mature .mpg.exe C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1580 wrote to memory of 4700 N/A C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe
PID 1580 wrote to memory of 3364 N/A C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe
PID 4700 wrote to memory of 3640 N/A C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe

Processes

C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe

"C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe"

C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe

"C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe"

C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe

"C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe"

C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe

"C:\Users\Admin\AppData\Local\Temp\1755af268f1c596328c8f6d2a238b9eb3efb5057625db6ad3da553aa6550bf79.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4880 --field-trial-handle=3488,i,1267426273081718772,6254127258555406296,262144 --variations-seed-version /prefetch:8

Network

Country Destination Domain Proto
NL 52.142.223.178:80 tcp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 227.66.18.2.in-addr.arpa udp
US 8.8.8.8:53 71.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 218.122.19.2.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 99.58.20.217.in-addr.arpa udp

Files

memory/1580-0-0x0000000000400000-0x000000000041E000-memory.dmp

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\gay hidden beautyfull .mpeg.exe

MD5 51c6b9cb044b4afaa56ec8ced2ea3e7c
SHA1 48d820d262ee4c4f17003079a3d12bcae594fbc4
SHA256 7af5c0e4789dc1a033dbf333f11b22f15057ec5eafc557ec6969a579f1f74669
SHA512 7edfdbc6bcbad457ef8c19357187e9a7154e9d5ad9c1ae9c2e4401c8efbede3bfc14debfe4bc927eddbb7eda15153f9bea883371620493d72816eaea15f15e8e
