Malware Analysis Report

2025-08-05 10:00

Sample ID 240403-xr1vwsac95
Target 1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b
SHA256 1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b
Tags
upx persistence spyware stealer
score
10/10

Analysis Overview

score
10/10

SHA256

1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b

Threat Level: Known bad

The file 1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b was found to be: Known bad.

Malicious Activity Summary

upx persistence spyware stealer

UPX dump on OEP (original entry point)

Detects executables containing possible sandbox analysis VM usernames

UPX packed file

Reads user/profile data of web browsers

Checks computer location settings

Adds Run key to start application

Enumerates connected drives

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Enumerates physical storage devices

Unsigned PE

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-04-03 19:06

Signatures

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-03 19:05

Reported

2024-04-03 19:08

Platform

win7-20240221-en

Max time kernel

150s

Max time network

147s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

Description Indicator Process Target
N/A N/A N/A N/A

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe N/A

Enumerates connected drives


Drops file in System32 directory


Drops file in Program Files directory


Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\mssrv.exe C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2044 wrote to memory of 2400 N/A C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe
PID 2400 wrote to memory of 2612 N/A C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe

Processes

C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe

"C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe"

C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe

"C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe"

C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe

"C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe"

Network

Country Destination Domain Proto

Files

memory/2044-0-0x0000000000400000-0x0000000000429000-memory.dmp

C:\Program Files\Windows Sidebar\Shared Gadgets\brasilian animal bukkake catfight sm .mpg.exe

MD5 9bce52e7018b771c2ec31500dd2ca931
SHA1 1027a7a3252910f3d74c300b987abe1880ab2c0f
SHA256 917dc1f8316e14f3cda2463ffc4e511f9e184b39350c277a7906a5eab9eacc56
SHA512 477d5bce98d16f183e71a2587693d4f6699e2446c581bba19145a0495f56278af644a7df76591addc307d21554db2416ec0bd5cb0f3b09eae5e6ab1a2d42f8cf

memory/2044-57-0x0000000005BF0000-0x0000000005C19000-memory.dmp

memory/2400-58-0x0000000000400000-0x0000000000429000-memory.dmp

memory/2400-89-0x0000000004E10000-0x0000000004E39000-memory.dmp

memory/2612-90-0x0000000000400000-0x0000000000429000-memory.dmp

C:\debug.txt

MD5 c97782175e47a95d06fb869b454509fc
SHA1 bba54e6cec2d0dc0c7a04681d44909c7a36002f7
SHA256 259d4f047b29e70822150651a2a52de83ef6b0dbd1661cb7177769844f0e8bcd
SHA512 a79b3dcdd5a0c2c39067bcac09021e0295a3fa03616c9f11b2f192fc4f5f197d3e44f8b1c5e8a7f7c57c9523ffff00a1aa28dd022d7177e51923614036501322

Analysis: behavioral2

Detonation Overview

Submitted

2024-04-03 19:05

Reported

2024-04-03 19:08

Platform

win10v2004-20240226-en

Max time kernel

150s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe"

Signatures

Detects executables containing possible sandbox analysis VM usernames

Description Indicator Process Target
N/A N/A N/A N/A

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe N/A

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe" C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\Temp\lesbian public vagina wifey .mpg.exe C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\italian fetish hot (!) fishy .avi.exe C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\animal cumshot uncut ash .mpeg.exe C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\canadian fucking sperm [free] black hairunshaved .mpg.exe C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe N/A
File created C:\Windows\SysWOW64\IME\SHARED\canadian blowjob sleeping pregnant .rar.exe C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\black cum trambling [milf] glans sweet .zip.exe C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe N/A
File created C:\Windows\SysWOW64\config\systemprofile\gang bang animal [milf] vagina 40+ .mpeg.exe C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe N/A
File created C:\Windows\SysWOW64\IME\SHARED\lingerie uncut balls (Gina).zip.exe C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe N/A
File created C:\Windows\System32\LogFiles\Fax\Incoming\nude lingerie sleeping glans .mpeg.exe C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\swedish gay fetish lesbian redhair .zip.exe C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe N/A
File created C:\Windows\SysWOW64\FxsTmp\beast nude lesbian glans (Ashley,Sonja).rar.exe C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe N/A
File created C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\kicking porn voyeur cock traffic .avi.exe C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Microsoft Office\root\Templates\spanish blowjob [milf] (Anniston).mpeg.exe C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe N/A
File created C:\Program Files (x86)\Google\Update\Download\bukkake hot (!) shoes .mpeg.exe C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe N/A
File created C:\Program Files (x86)\Microsoft\Temp\fetish hot (!) redhair .rar.exe C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\italian horse lesbian wifey .mpeg.exe C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\danish bukkake action uncut \Û .mpg.exe C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\horse lesbian .avi.exe C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe N/A
File created C:\Program Files\Microsoft Office\Updates\Download\hardcore uncut .mpg.exe C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\hardcore hidden .rar.exe C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\horse lingerie [milf] girly .rar.exe C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\action masturbation pregnant .mpeg.exe C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe N/A
File created C:\Program Files (x86)\Google\Temp\hardcore sperm [milf] titts .zip.exe C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe N/A
File created C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\porn gang bang lesbian blondie .mpg.exe C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe N/A
File created C:\Program Files\Common Files\microsoft shared\beastiality animal hot (!) hole sm .avi.exe C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\gang bang lesbian titts (Tatjana).mpeg.exe C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\kicking nude uncut titts circumcision (Curtney,Samantha).avi.exe C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe N/A
File created C:\Program Files\dotnet\shared\danish nude hidden .avi.exe C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe N/A
File created C:\Program Files\Windows Sidebar\Shared Gadgets\russian blowjob cumshot hot (!) redhair .zip.exe C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\malaysia animal [free] boobs Ôï .avi.exe C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\tyrkish fucking action [milf] .avi.exe C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.746_none_2212358fc33cc10f\japanese gay beastiality licking .zip.exe C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.1_none_abfc9db6c377b91f\sperm full movie titts (Anniston).zip.exe C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe N/A
File created C:\Windows\WinSxS\amd64_netfx-aspnet-sharedcomponents_b03f5f7f11d50a3a_4.0.19041.1_none_47ca94859da20b28\chinese action hardcore masturbation boobs .rar.exe C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe N/A
File created C:\Windows\security\templates\russian cum gay voyeur boots .mpg.exe C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe N/A
File created C:\Windows\SoftwareDistribution\Download\SharedFileCache\beastiality sleeping swallow .rar.exe C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..ces-ime-eashared-lm_31bf3856ad364e35_10.0.19041.1_none_4756d423b091d10b\xxx beastiality catfight swallow .zip.exe C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_de-de_21122d7205c6f5b9\gay catfight titts hotel (Janette).mpg.exe C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_6c85d64de79e0985\malaysia gang bang porn uncut .mpeg.exe C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..-kf-commondownloads_31bf3856ad364e35_10.0.19041.1_none_a914e3e3f19ceda1\cumshot handjob [milf] ash .rar.exe C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_adfc5e0bfca53431\fetish lingerie sleeping hotel (Anniston,Karin).zip.exe C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5fdc43acc1be690d\porn horse [milf] (Liz,Liz).mpg.exe C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.1_none_9aa486d790131d4e\japanese fetish hidden legs balls .mpg.exe C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-w..acejoin-gptemplates_31bf3856ad364e35_10.0.19041.1_none_609f27436445f4da\tyrkish xxx blowjob hidden cock mature (Britney).zip.exe C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe N/A
File created C:\Windows\mssrv.exe C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_10.0.19041.1_none_a3d9a07cf2290837\black lesbian nude big glans hairy .rar.exe C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-s..ty-kerbclientshared_31bf3856ad364e35_10.0.19041.1_none_97e9c0335b4cd39a\sperm fetish catfight (Anniston).zip.exe C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.1_none_67a96afcfa248327\american bukkake voyeur black hairunshaved .zip.exe C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_es-es_c9ce604ef4cbf323\sperm beastiality public (Sonja,Sylvia).zip.exe C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe N/A
File created C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\canadian handjob bukkake public 50+ .mpg.exe C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe N/A
File created C:\Windows\ServiceProfiles\NetworkService\Downloads\cum [bangbus] boobs gorgeoushorny .avi.exe C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-a..gement-uevtemplates_31bf3856ad364e35_10.0.19041.1_none_0d66b54875835a49\italian lingerie several models vagina fishy .rar.exe C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-u..ell-sharedutilities_31bf3856ad364e35_10.0.19041.1_none_813610a8a9b59e0a\nude horse lesbian gorgeoushorny .avi.exe C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-s..ty-kerbclientshared_31bf3856ad364e35_10.0.19041.1288_none_6115038ba57fcb33\beast [milf] (Sylvia).avi.exe C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_89c0bf1761110f07\american gay voyeur .mpeg.exe C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.1_none_4a03fd12cb3f16c2\american fucking beastiality hot (!) bedroom .mpg.exe C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.1_none_3a3c49005c947bac\italian beast full movie boobs hotel .rar.exe C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.1_none_5d54c0aac5c3c12c\indian horse lingerie [milf] titts leather (Sarah,Tatjana).rar.exe C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_de-de_3d077a9cd5de5151\spanish fetish bukkake big cock (Janette,Anniston).rar.exe C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe N/A
File created C:\Windows\WinSxS\amd64_netfx-aspnet_installsqlstatetemp_b03f5f7f11d50a3a_10.0.19041.1_none_03040a328f65b761\canadian gang bang animal full movie swallow .rar.exe C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.928_none_33e0d5558cdd7c61\xxx gay girls hairy .mpeg.exe C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe N/A
File created C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm_31bf3856ad364e35_10.0.19041.1_none_ae957c4c35a7bf73\beastiality nude hot (!) titts circumcision .mpg.exe C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-sharedfoldersui_31bf3856ad364e35_10.0.19041.1_none_7862ecae0548fb54\german cum licking ash .mpg.exe C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe N/A
File created C:\Windows\WinSxS\wow64_microsoft-windows-systempropertiesremote_31bf3856ad364e35_10.0.19041.1_none_551afa5edf8be30e\animal uncut ash latex (Curtney).mpeg.exe C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe N/A
File created C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5021dd18efc0460c\handjob bukkake uncut .mpg.exe C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 960 wrote to memory of 4836 N/A C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe
PID 960 wrote to memory of 4080 N/A C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe
PID 4836 wrote to memory of 856 N/A C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe

Processes

C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe

"C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe"

C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe

"C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe"

C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe

"C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe"

C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe

"C:\Users\Admin\AppData\Local\Temp\1a88a76e65ae59b5e70300048bcb2425db14698ceff32a6d9878d8422610438b.exe"

Network

Country Destination Domain Proto

Files

memory/960-0-0x0000000000400000-0x0000000000429000-memory.dmp

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\gang bang lesbian titts (Tatjana).mpeg.exe

MD5 a4bd81082bd8258ee71460744a921c9d
SHA1 ca89e00f4f774cbbb48e5dce286ff6a9a2488a3c
SHA256 d4c2d730d4536e85a2ec1a0ab7ff0c7b2f0c2a15042664c7de8c2b097086dffb
SHA512 9409257bbe2f1e0a66892a041796354cd5f45b770aa4a62b7e1b70afa2f81c1e617676d4e8d6d2d1a97bcb59fc3d46b63774a64571310b07119d6ca0196f2fe5

memory/4836-30-0x0000000000400000-0x0000000000429000-memory.dmp

memory/4080-161-0x0000000000400000-0x0000000000429000-memory.dmp

memory/856-162-0x0000000000400000-0x0000000000429000-memory.dmp